s2_lib.c 13 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556
  1. /* ssl/s2_lib.c */
  2. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  3. * All rights reserved.
  4. *
  5. * This package is an SSL implementation written
  6. * by Eric Young (eay@cryptsoft.com).
  7. * The implementation was written so as to conform with Netscapes SSL.
  8. *
  9. * This library is free for commercial and non-commercial use as long as
  10. * the following conditions are aheared to. The following conditions
  11. * apply to all code found in this distribution, be it the RC4, RSA,
  12. * lhash, DES, etc., code; not just the SSL code. The SSL documentation
  13. * included with this distribution is covered by the same copyright terms
  14. * except that the holder is Tim Hudson (tjh@cryptsoft.com).
  15. *
  16. * Copyright remains Eric Young's, and as such any Copyright notices in
  17. * the code are not to be removed.
  18. * If this package is used in a product, Eric Young should be given attribution
  19. * as the author of the parts of the library used.
  20. * This can be in the form of a textual message at program startup or
  21. * in documentation (online or textual) provided with the package.
  22. *
  23. * Redistribution and use in source and binary forms, with or without
  24. * modification, are permitted provided that the following conditions
  25. * are met:
  26. * 1. Redistributions of source code must retain the copyright
  27. * notice, this list of conditions and the following disclaimer.
  28. * 2. Redistributions in binary form must reproduce the above copyright
  29. * notice, this list of conditions and the following disclaimer in the
  30. * documentation and/or other materials provided with the distribution.
  31. * 3. All advertising materials mentioning features or use of this software
  32. * must display the following acknowledgement:
  33. * "This product includes cryptographic software written by
  34. * Eric Young (eay@cryptsoft.com)"
  35. * The word 'cryptographic' can be left out if the rouines from the library
  36. * being used are not cryptographic related :-).
  37. * 4. If you include any Windows specific code (or a derivative thereof) from
  38. * the apps directory (application code) you must include an acknowledgement:
  39. * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
  40. *
  41. * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  42. * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  43. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  44. * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  45. * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  46. * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  47. * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  48. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  49. * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  50. * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  51. * SUCH DAMAGE.
  52. *
  53. * The licence and distribution terms for any publically available version or
  54. * derivative of this code cannot be changed. i.e. this code cannot simply be
  55. * copied and put under another distribution licence
  56. * [including the GNU Public Licence.]
  57. */
  58. /* ====================================================================
  59. * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
  60. *
  61. * Redistribution and use in source and binary forms, with or without
  62. * modification, are permitted provided that the following conditions
  63. * are met:
  64. *
  65. * 1. Redistributions of source code must retain the above copyright
  66. * notice, this list of conditions and the following disclaimer.
  67. *
  68. * 2. Redistributions in binary form must reproduce the above copyright
  69. * notice, this list of conditions and the following disclaimer in
  70. * the documentation and/or other materials provided with the
  71. * distribution.
  72. *
  73. * 3. All advertising materials mentioning features or use of this
  74. * software must display the following acknowledgment:
  75. * "This product includes software developed by the OpenSSL Project
  76. * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
  77. *
  78. * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  79. * endorse or promote products derived from this software without
  80. * prior written permission. For written permission, please contact
  81. * openssl-core@openssl.org.
  82. *
  83. * 5. Products derived from this software may not be called "OpenSSL"
  84. * nor may "OpenSSL" appear in their names without prior written
  85. * permission of the OpenSSL Project.
  86. *
  87. * 6. Redistributions of any form whatsoever must retain the following
  88. * acknowledgment:
  89. * "This product includes software developed by the OpenSSL Project
  90. * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
  91. *
  92. * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
  93. * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  94. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  95. * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
  96. * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  97. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  98. * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  99. * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  100. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  101. * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  102. * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  103. * OF THE POSSIBILITY OF SUCH DAMAGE.
  104. * ====================================================================
  105. *
  106. * This product includes cryptographic software written by Eric Young
  107. * (eay@cryptsoft.com). This product includes software written by Tim
  108. * Hudson (tjh@cryptsoft.com).
  109. *
  110. */
  111. #include "ssl_locl.h"
  112. #ifndef OPENSSL_NO_SSL2
  113. #include <stdio.h>
  114. #include <openssl/objects.h>
  115. #include <openssl/evp.h>
  116. #include <openssl/md5.h>
  117. const char ssl2_version_str[]="SSLv2" OPENSSL_VERSION_PTEXT;
  118. #define SSL2_NUM_CIPHERS (sizeof(ssl2_ciphers)/sizeof(SSL_CIPHER))
  119. /* list of available SSLv2 ciphers (sorted by id) */
  120. OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[]={
  121. #if 0
  122. /* NULL_WITH_MD5 v3 */
  123. {
  124. 1,
  125. SSL2_TXT_NULL_WITH_MD5,
  126. SSL2_CK_NULL_WITH_MD5,
  127. SSL_kRSA,
  128. SSL_aRSA,
  129. SSL_eNULL,
  130. SSL_MD5,
  131. SSL_SSLV2,
  132. SSL_EXPORT|SSL_EXP40|SSL_STRONG_NONE,
  133. 0,
  134. 0,
  135. 0,
  136. },
  137. #endif
  138. /* RC4_128_WITH_MD5 */
  139. {
  140. 1,
  141. SSL2_TXT_RC4_128_WITH_MD5,
  142. SSL2_CK_RC4_128_WITH_MD5,
  143. SSL_kRSA,
  144. SSL_aRSA,
  145. SSL_RC4,
  146. SSL_MD5,
  147. SSL_SSLV2,
  148. SSL_NOT_EXP|SSL_MEDIUM,
  149. 0,
  150. 128,
  151. 128,
  152. },
  153. /* RC4_128_EXPORT40_WITH_MD5 */
  154. {
  155. 1,
  156. SSL2_TXT_RC4_128_EXPORT40_WITH_MD5,
  157. SSL2_CK_RC4_128_EXPORT40_WITH_MD5,
  158. SSL_kRSA,
  159. SSL_aRSA,
  160. SSL_RC4,
  161. SSL_MD5,
  162. SSL_SSLV2,
  163. SSL_EXPORT|SSL_EXP40,
  164. SSL2_CF_5_BYTE_ENC,
  165. 40,
  166. 128,
  167. },
  168. /* RC2_128_CBC_WITH_MD5 */
  169. {
  170. 1,
  171. SSL2_TXT_RC2_128_CBC_WITH_MD5,
  172. SSL2_CK_RC2_128_CBC_WITH_MD5,
  173. SSL_kRSA,
  174. SSL_aRSA,
  175. SSL_RC2,
  176. SSL_MD5,
  177. SSL_SSLV2,
  178. SSL_NOT_EXP|SSL_MEDIUM,
  179. 0,
  180. 128,
  181. 128,
  182. },
  183. /* RC2_128_CBC_EXPORT40_WITH_MD5 */
  184. {
  185. 1,
  186. SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5,
  187. SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5,
  188. SSL_kRSA,
  189. SSL_aRSA,
  190. SSL_RC2,
  191. SSL_MD5,
  192. SSL_SSLV2,
  193. SSL_EXPORT|SSL_EXP40,
  194. SSL2_CF_5_BYTE_ENC,
  195. 40,
  196. 128,
  197. },
  198. #ifndef OPENSSL_NO_IDEA
  199. /* IDEA_128_CBC_WITH_MD5 */
  200. {
  201. 1,
  202. SSL2_TXT_IDEA_128_CBC_WITH_MD5,
  203. SSL2_CK_IDEA_128_CBC_WITH_MD5,
  204. SSL_kRSA,
  205. SSL_aRSA,
  206. SSL_IDEA,
  207. SSL_MD5,
  208. SSL_SSLV2,
  209. SSL_NOT_EXP|SSL_MEDIUM,
  210. 0,
  211. 128,
  212. 128,
  213. },
  214. #endif
  215. /* DES_64_CBC_WITH_MD5 */
  216. {
  217. 1,
  218. SSL2_TXT_DES_64_CBC_WITH_MD5,
  219. SSL2_CK_DES_64_CBC_WITH_MD5,
  220. SSL_kRSA,
  221. SSL_aRSA,
  222. SSL_DES,
  223. SSL_MD5,
  224. SSL_SSLV2,
  225. SSL_NOT_EXP|SSL_LOW,
  226. 0,
  227. 56,
  228. 56,
  229. },
  230. /* DES_192_EDE3_CBC_WITH_MD5 */
  231. {
  232. 1,
  233. SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5,
  234. SSL2_CK_DES_192_EDE3_CBC_WITH_MD5,
  235. SSL_kRSA,
  236. SSL_aRSA,
  237. SSL_3DES,
  238. SSL_MD5,
  239. SSL_SSLV2,
  240. SSL_NOT_EXP|SSL_HIGH,
  241. 0,
  242. 168,
  243. 168,
  244. },
  245. #if 0
  246. /* RC4_64_WITH_MD5 */
  247. {
  248. 1,
  249. SSL2_TXT_RC4_64_WITH_MD5,
  250. SSL2_CK_RC4_64_WITH_MD5,
  251. SSL_kRSA,
  252. SSL_aRSA,
  253. SSL_RC4,
  254. SSL_MD5,
  255. SSL_SSLV2,
  256. SSL_NOT_EXP|SSL_LOW,
  257. SSL2_CF_8_BYTE_ENC,
  258. 64,
  259. 64,
  260. },
  261. #endif
  262. #if 0
  263. /* NULL SSLeay (testing) */
  264. {
  265. 0,
  266. SSL2_TXT_NULL,
  267. SSL2_CK_NULL,
  268. 0,
  269. 0,
  270. 0,
  271. 0,
  272. SSL_SSLV2,
  273. SSL_STRONG_NONE,
  274. 0,
  275. 0,
  276. 0,
  277. },
  278. #endif
  279. /* end of list :-) */
  280. };
  281. long ssl2_default_timeout(void)
  282. {
  283. return(300);
  284. }
  285. int ssl2_num_ciphers(void)
  286. {
  287. return(SSL2_NUM_CIPHERS);
  288. }
  289. const SSL_CIPHER *ssl2_get_cipher(unsigned int u)
  290. {
  291. if (u < SSL2_NUM_CIPHERS)
  292. return(&(ssl2_ciphers[SSL2_NUM_CIPHERS-1-u]));
  293. else
  294. return(NULL);
  295. }
  296. int ssl2_pending(const SSL *s)
  297. {
  298. return SSL_in_init(s) ? 0 : s->s2->ract_data_length;
  299. }
  300. int ssl2_new(SSL *s)
  301. {
  302. SSL2_STATE *s2;
  303. if ((s2=OPENSSL_malloc(sizeof *s2)) == NULL) goto err;
  304. memset(s2,0,sizeof *s2);
  305. #if SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER + 3 > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + 2
  306. # error "assertion failed"
  307. #endif
  308. if ((s2->rbuf=OPENSSL_malloc(
  309. SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2)) == NULL) goto err;
  310. /* wbuf needs one byte more because when using two-byte headers,
  311. * we leave the first byte unused in do_ssl_write (s2_pkt.c) */
  312. if ((s2->wbuf=OPENSSL_malloc(
  313. SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+3)) == NULL) goto err;
  314. s->s2=s2;
  315. ssl2_clear(s);
  316. return(1);
  317. err:
  318. if (s2 != NULL)
  319. {
  320. if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf);
  321. if (s2->rbuf != NULL) OPENSSL_free(s2->rbuf);
  322. OPENSSL_free(s2);
  323. }
  324. return(0);
  325. }
  326. void ssl2_free(SSL *s)
  327. {
  328. SSL2_STATE *s2;
  329. if(s == NULL)
  330. return;
  331. s2=s->s2;
  332. if (s2->rbuf != NULL) OPENSSL_free(s2->rbuf);
  333. if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf);
  334. OPENSSL_cleanse(s2,sizeof *s2);
  335. OPENSSL_free(s2);
  336. s->s2=NULL;
  337. }
  338. void ssl2_clear(SSL *s)
  339. {
  340. SSL2_STATE *s2;
  341. unsigned char *rbuf,*wbuf;
  342. s2=s->s2;
  343. rbuf=s2->rbuf;
  344. wbuf=s2->wbuf;
  345. memset(s2,0,sizeof *s2);
  346. s2->rbuf=rbuf;
  347. s2->wbuf=wbuf;
  348. s2->clear_text=1;
  349. s->packet=s2->rbuf;
  350. s->version=SSL2_VERSION;
  351. s->packet_length=0;
  352. }
  353. long ssl2_ctrl(SSL *s, int cmd, long larg, void *parg)
  354. {
  355. int ret=0;
  356. switch(cmd)
  357. {
  358. case SSL_CTRL_GET_SESSION_REUSED:
  359. ret=s->hit;
  360. break;
  361. default:
  362. break;
  363. }
  364. return(ret);
  365. }
  366. long ssl2_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
  367. {
  368. return(0);
  369. }
  370. long ssl2_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
  371. {
  372. return(0);
  373. }
  374. long ssl2_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
  375. {
  376. return(0);
  377. }
  378. IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER,
  379. ssl_cipher_id);
  380. /* This function needs to check if the ciphers required are actually
  381. * available */
  382. const SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p)
  383. {
  384. SSL_CIPHER c;
  385. const SSL_CIPHER *cp;
  386. unsigned long id;
  387. id=0x02000000L|((unsigned long)p[0]<<16L)|
  388. ((unsigned long)p[1]<<8L)|(unsigned long)p[2];
  389. c.id=id;
  390. cp = OBJ_bsearch_ssl_cipher_id(&c, ssl2_ciphers, SSL2_NUM_CIPHERS);
  391. if ((cp == NULL) || (cp->valid == 0))
  392. return NULL;
  393. else
  394. return cp;
  395. }
  396. int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
  397. {
  398. long l;
  399. if (p != NULL)
  400. {
  401. l=c->id;
  402. if ((l & 0xff000000) != 0x02000000) return(0);
  403. p[0]=((unsigned char)(l>>16L))&0xFF;
  404. p[1]=((unsigned char)(l>> 8L))&0xFF;
  405. p[2]=((unsigned char)(l ))&0xFF;
  406. }
  407. return(3);
  408. }
  409. int ssl2_generate_key_material(SSL *s)
  410. {
  411. unsigned int i;
  412. EVP_MD_CTX ctx;
  413. unsigned char *km;
  414. unsigned char c='0';
  415. const EVP_MD *md5;
  416. md5 = EVP_md5();
  417. #ifdef CHARSET_EBCDIC
  418. c = os_toascii['0']; /* Must be an ASCII '0', not EBCDIC '0',
  419. see SSLv2 docu */
  420. #endif
  421. EVP_MD_CTX_init(&ctx);
  422. km=s->s2->key_material;
  423. if (s->session->master_key_length < 0 ||
  424. s->session->master_key_length > (int)sizeof(s->session->master_key))
  425. {
  426. SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR);
  427. return 0;
  428. }
  429. for (i=0; i<s->s2->key_material_length; i += EVP_MD_size(md5))
  430. {
  431. if (((km - s->s2->key_material) + EVP_MD_size(md5)) >
  432. (int)sizeof(s->s2->key_material))
  433. {
  434. /* EVP_DigestFinal_ex() below would write beyond buffer */
  435. SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR);
  436. return 0;
  437. }
  438. EVP_DigestInit_ex(&ctx, md5, NULL);
  439. OPENSSL_assert(s->session->master_key_length >= 0
  440. && s->session->master_key_length
  441. < (int)sizeof(s->session->master_key));
  442. EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length);
  443. EVP_DigestUpdate(&ctx,&c,1);
  444. c++;
  445. EVP_DigestUpdate(&ctx,s->s2->challenge,s->s2->challenge_length);
  446. EVP_DigestUpdate(&ctx,s->s2->conn_id,s->s2->conn_id_length);
  447. EVP_DigestFinal_ex(&ctx,km,NULL);
  448. km += EVP_MD_size(md5);
  449. }
  450. EVP_MD_CTX_cleanup(&ctx);
  451. return 1;
  452. }
  453. void ssl2_return_error(SSL *s, int err)
  454. {
  455. if (!s->error)
  456. {
  457. s->error=3;
  458. s->error_code=err;
  459. ssl2_write_error(s);
  460. }
  461. }
  462. void ssl2_write_error(SSL *s)
  463. {
  464. unsigned char buf[3];
  465. int i,error;
  466. buf[0]=SSL2_MT_ERROR;
  467. buf[1]=(s->error_code>>8)&0xff;
  468. buf[2]=(s->error_code)&0xff;
  469. /* state=s->rwstate;*/
  470. error=s->error; /* number of bytes left to write */
  471. s->error=0;
  472. OPENSSL_assert(error >= 0 && error <= (int)sizeof(buf));
  473. i=ssl2_write(s,&(buf[3-error]),error);
  474. /* if (i == error) s->rwstate=state; */
  475. if (i < 0)
  476. s->error=error;
  477. else
  478. {
  479. s->error=error-i;
  480. if (s->error == 0)
  481. if (s->msg_callback)
  482. s->msg_callback(1, s->version, 0, buf, 3, s, s->msg_callback_arg); /* ERROR */
  483. }
  484. }
  485. int ssl2_shutdown(SSL *s)
  486. {
  487. s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
  488. return(1);
  489. }
  490. #else /* !OPENSSL_NO_SSL2 */
  491. # if PEDANTIC
  492. static void *dummy=&dummy;
  493. # endif
  494. #endif