OLD | NEW |
1 /* ssl/s2_lib.c */ | 1 /* ssl/s2_lib.c */ |
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
3 * All rights reserved. | 3 * All rights reserved. |
4 * | 4 * |
5 * This package is an SSL implementation written | 5 * This package is an SSL implementation written |
6 * by Eric Young (eay@cryptsoft.com). | 6 * by Eric Young (eay@cryptsoft.com). |
7 * The implementation was written so as to conform with Netscapes SSL. | 7 * The implementation was written so as to conform with Netscapes SSL. |
8 * | 8 * |
9 * This library is free for commercial and non-commercial use as long as | 9 * This library is free for commercial and non-commercial use as long as |
10 * the following conditions are aheared to. The following conditions | 10 * the following conditions are aheared to. The following conditions |
(...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
51 * SUCH DAMAGE. | 51 * SUCH DAMAGE. |
52 * | 52 * |
53 * The licence and distribution terms for any publically available version or | 53 * The licence and distribution terms for any publically available version or |
54 * derivative of this code cannot be changed. i.e. this code cannot simply be | 54 * derivative of this code cannot be changed. i.e. this code cannot simply be |
55 * copied and put under another distribution licence | 55 * copied and put under another distribution licence |
56 * [including the GNU Public Licence.] | 56 * [including the GNU Public Licence.] |
57 */ | 57 */ |
| 58 /* ==================================================================== |
| 59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. |
| 60 * |
| 61 * Redistribution and use in source and binary forms, with or without |
| 62 * modification, are permitted provided that the following conditions |
| 63 * are met: |
| 64 * |
| 65 * 1. Redistributions of source code must retain the above copyright |
| 66 * notice, this list of conditions and the following disclaimer. |
| 67 * |
| 68 * 2. Redistributions in binary form must reproduce the above copyright |
| 69 * notice, this list of conditions and the following disclaimer in |
| 70 * the documentation and/or other materials provided with the |
| 71 * distribution. |
| 72 * |
| 73 * 3. All advertising materials mentioning features or use of this |
| 74 * software must display the following acknowledgment: |
| 75 * "This product includes software developed by the OpenSSL Project |
| 76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" |
| 77 * |
| 78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
| 79 * endorse or promote products derived from this software without |
| 80 * prior written permission. For written permission, please contact |
| 81 * openssl-core@openssl.org. |
| 82 * |
| 83 * 5. Products derived from this software may not be called "OpenSSL" |
| 84 * nor may "OpenSSL" appear in their names without prior written |
| 85 * permission of the OpenSSL Project. |
| 86 * |
| 87 * 6. Redistributions of any form whatsoever must retain the following |
| 88 * acknowledgment: |
| 89 * "This product includes software developed by the OpenSSL Project |
| 90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)" |
| 91 * |
| 92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
| 93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| 94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
| 95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
| 96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
| 97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
| 98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
| 99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
| 100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
| 101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
| 102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
| 103 * OF THE POSSIBILITY OF SUCH DAMAGE. |
| 104 * ==================================================================== |
| 105 * |
| 106 * This product includes cryptographic software written by Eric Young |
| 107 * (eay@cryptsoft.com). This product includes software written by Tim |
| 108 * Hudson (tjh@cryptsoft.com). |
| 109 * |
| 110 */ |
58 | 111 |
59 #include "ssl_locl.h" | 112 #include "ssl_locl.h" |
60 #ifndef OPENSSL_NO_SSL2 | 113 #ifndef OPENSSL_NO_SSL2 |
61 #include <stdio.h> | 114 #include <stdio.h> |
62 #include <openssl/objects.h> | 115 #include <openssl/objects.h> |
63 #include <openssl/evp.h> | 116 #include <openssl/evp.h> |
64 #include <openssl/md5.h> | 117 #include <openssl/md5.h> |
65 | 118 |
66 const char ssl2_version_str[]="SSLv2" OPENSSL_VERSION_PTEXT; | 119 const char ssl2_version_str[]="SSLv2" OPENSSL_VERSION_PTEXT; |
67 | 120 |
68 #define SSL2_NUM_CIPHERS (sizeof(ssl2_ciphers)/sizeof(SSL_CIPHER)) | 121 #define SSL2_NUM_CIPHERS (sizeof(ssl2_ciphers)/sizeof(SSL_CIPHER)) |
69 | 122 |
70 /* list of available SSLv2 ciphers (sorted by id) */ | 123 /* list of available SSLv2 ciphers (sorted by id) */ |
71 OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={ | 124 OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[]={ |
| 125 #if 0 |
72 /* NULL_WITH_MD5 v3 */ | 126 /* NULL_WITH_MD5 v3 */ |
73 #if 0 | |
74 { | 127 { |
75 1, | 128 1, |
76 SSL2_TXT_NULL_WITH_MD5, | 129 SSL2_TXT_NULL_WITH_MD5, |
77 SSL2_CK_NULL_WITH_MD5, | 130 SSL2_CK_NULL_WITH_MD5, |
78 » SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_MD5|SSL_SSLV2, | 131 » SSL_kRSA, |
| 132 » SSL_aRSA, |
| 133 » SSL_eNULL, |
| 134 » SSL_MD5, |
| 135 » SSL_SSLV2, |
79 SSL_EXPORT|SSL_EXP40|SSL_STRONG_NONE, | 136 SSL_EXPORT|SSL_EXP40|SSL_STRONG_NONE, |
80 0, | 137 0, |
81 0, | 138 0, |
82 0, | 139 0, |
83 SSL_ALL_CIPHERS, | |
84 SSL_ALL_STRENGTHS, | |
85 }, | 140 }, |
86 #endif | 141 #endif |
| 142 |
87 /* RC4_128_WITH_MD5 */ | 143 /* RC4_128_WITH_MD5 */ |
88 { | 144 { |
89 1, | 145 1, |
90 SSL2_TXT_RC4_128_WITH_MD5, | 146 SSL2_TXT_RC4_128_WITH_MD5, |
91 SSL2_CK_RC4_128_WITH_MD5, | 147 SSL2_CK_RC4_128_WITH_MD5, |
92 » SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2, | 148 » SSL_kRSA, |
| 149 » SSL_aRSA, |
| 150 » SSL_RC4, |
| 151 » SSL_MD5, |
| 152 » SSL_SSLV2, |
93 SSL_NOT_EXP|SSL_MEDIUM, | 153 SSL_NOT_EXP|SSL_MEDIUM, |
94 0, | 154 0, |
95 128, | 155 128, |
96 128, | 156 128, |
97 SSL_ALL_CIPHERS, | |
98 SSL_ALL_STRENGTHS, | |
99 }, | 157 }, |
| 158 |
100 /* RC4_128_EXPORT40_WITH_MD5 */ | 159 /* RC4_128_EXPORT40_WITH_MD5 */ |
101 { | 160 { |
102 1, | 161 1, |
103 SSL2_TXT_RC4_128_EXPORT40_WITH_MD5, | 162 SSL2_TXT_RC4_128_EXPORT40_WITH_MD5, |
104 SSL2_CK_RC4_128_EXPORT40_WITH_MD5, | 163 SSL2_CK_RC4_128_EXPORT40_WITH_MD5, |
105 » SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2, | 164 » SSL_kRSA, |
| 165 » SSL_aRSA, |
| 166 » SSL_RC4, |
| 167 » SSL_MD5, |
| 168 » SSL_SSLV2, |
106 SSL_EXPORT|SSL_EXP40, | 169 SSL_EXPORT|SSL_EXP40, |
107 SSL2_CF_5_BYTE_ENC, | 170 SSL2_CF_5_BYTE_ENC, |
108 40, | 171 40, |
109 128, | 172 128, |
110 SSL_ALL_CIPHERS, | |
111 SSL_ALL_STRENGTHS, | |
112 }, | 173 }, |
| 174 |
113 /* RC2_128_CBC_WITH_MD5 */ | 175 /* RC2_128_CBC_WITH_MD5 */ |
114 { | 176 { |
115 1, | 177 1, |
116 SSL2_TXT_RC2_128_CBC_WITH_MD5, | 178 SSL2_TXT_RC2_128_CBC_WITH_MD5, |
117 SSL2_CK_RC2_128_CBC_WITH_MD5, | 179 SSL2_CK_RC2_128_CBC_WITH_MD5, |
118 » SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_SSLV2, | 180 » SSL_kRSA, |
| 181 » SSL_aRSA, |
| 182 » SSL_RC2, |
| 183 » SSL_MD5, |
| 184 » SSL_SSLV2, |
119 SSL_NOT_EXP|SSL_MEDIUM, | 185 SSL_NOT_EXP|SSL_MEDIUM, |
120 0, | 186 0, |
121 128, | 187 128, |
122 128, | 188 128, |
123 SSL_ALL_CIPHERS, | |
124 SSL_ALL_STRENGTHS, | |
125 }, | 189 }, |
| 190 |
126 /* RC2_128_CBC_EXPORT40_WITH_MD5 */ | 191 /* RC2_128_CBC_EXPORT40_WITH_MD5 */ |
127 { | 192 { |
128 1, | 193 1, |
129 SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5, | 194 SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5, |
130 SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5, | 195 SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5, |
131 » SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_SSLV2, | 196 » SSL_kRSA, |
| 197 » SSL_aRSA, |
| 198 » SSL_RC2, |
| 199 » SSL_MD5, |
| 200 » SSL_SSLV2, |
132 SSL_EXPORT|SSL_EXP40, | 201 SSL_EXPORT|SSL_EXP40, |
133 SSL2_CF_5_BYTE_ENC, | 202 SSL2_CF_5_BYTE_ENC, |
134 40, | 203 40, |
135 128, | 204 128, |
136 SSL_ALL_CIPHERS, | |
137 SSL_ALL_STRENGTHS, | |
138 }, | 205 }, |
| 206 |
| 207 #ifndef OPENSSL_NO_IDEA |
139 /* IDEA_128_CBC_WITH_MD5 */ | 208 /* IDEA_128_CBC_WITH_MD5 */ |
140 #ifndef OPENSSL_NO_IDEA | |
141 { | 209 { |
142 1, | 210 1, |
143 SSL2_TXT_IDEA_128_CBC_WITH_MD5, | 211 SSL2_TXT_IDEA_128_CBC_WITH_MD5, |
144 SSL2_CK_IDEA_128_CBC_WITH_MD5, | 212 SSL2_CK_IDEA_128_CBC_WITH_MD5, |
145 » SSL_kRSA|SSL_aRSA|SSL_IDEA|SSL_MD5|SSL_SSLV2, | 213 » SSL_kRSA, |
| 214 » SSL_aRSA, |
| 215 » SSL_IDEA, |
| 216 » SSL_MD5, |
| 217 » SSL_SSLV2, |
146 SSL_NOT_EXP|SSL_MEDIUM, | 218 SSL_NOT_EXP|SSL_MEDIUM, |
147 0, | 219 0, |
148 128, | 220 128, |
149 128, | 221 128, |
150 SSL_ALL_CIPHERS, | |
151 SSL_ALL_STRENGTHS, | |
152 }, | 222 }, |
153 #endif | 223 #endif |
| 224 |
154 /* DES_64_CBC_WITH_MD5 */ | 225 /* DES_64_CBC_WITH_MD5 */ |
155 { | 226 { |
156 1, | 227 1, |
157 SSL2_TXT_DES_64_CBC_WITH_MD5, | 228 SSL2_TXT_DES_64_CBC_WITH_MD5, |
158 SSL2_CK_DES_64_CBC_WITH_MD5, | 229 SSL2_CK_DES_64_CBC_WITH_MD5, |
159 » SSL_kRSA|SSL_aRSA|SSL_DES|SSL_MD5|SSL_SSLV2, | 230 » SSL_kRSA, |
| 231 » SSL_aRSA, |
| 232 » SSL_DES, |
| 233 » SSL_MD5, |
| 234 » SSL_SSLV2, |
160 SSL_NOT_EXP|SSL_LOW, | 235 SSL_NOT_EXP|SSL_LOW, |
161 0, | 236 0, |
162 56, | 237 56, |
163 56, | 238 56, |
164 SSL_ALL_CIPHERS, | |
165 SSL_ALL_STRENGTHS, | |
166 }, | 239 }, |
| 240 |
167 /* DES_192_EDE3_CBC_WITH_MD5 */ | 241 /* DES_192_EDE3_CBC_WITH_MD5 */ |
168 { | 242 { |
169 1, | 243 1, |
170 SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5, | 244 SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5, |
171 SSL2_CK_DES_192_EDE3_CBC_WITH_MD5, | 245 SSL2_CK_DES_192_EDE3_CBC_WITH_MD5, |
172 » SSL_kRSA|SSL_aRSA|SSL_3DES|SSL_MD5|SSL_SSLV2, | 246 » SSL_kRSA, |
| 247 » SSL_aRSA, |
| 248 » SSL_3DES, |
| 249 » SSL_MD5, |
| 250 » SSL_SSLV2, |
173 SSL_NOT_EXP|SSL_HIGH, | 251 SSL_NOT_EXP|SSL_HIGH, |
174 0, | 252 0, |
175 168, | 253 168, |
176 168, | 254 168, |
177 SSL_ALL_CIPHERS, | |
178 SSL_ALL_STRENGTHS, | |
179 }, | 255 }, |
| 256 |
| 257 #if 0 |
180 /* RC4_64_WITH_MD5 */ | 258 /* RC4_64_WITH_MD5 */ |
181 #if 0 | |
182 { | 259 { |
183 1, | 260 1, |
184 SSL2_TXT_RC4_64_WITH_MD5, | 261 SSL2_TXT_RC4_64_WITH_MD5, |
185 SSL2_CK_RC4_64_WITH_MD5, | 262 SSL2_CK_RC4_64_WITH_MD5, |
186 » SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2, | 263 » SSL_kRSA, |
| 264 » SSL_aRSA, |
| 265 » SSL_RC4, |
| 266 » SSL_MD5, |
| 267 » SSL_SSLV2, |
187 SSL_NOT_EXP|SSL_LOW, | 268 SSL_NOT_EXP|SSL_LOW, |
188 SSL2_CF_8_BYTE_ENC, | 269 SSL2_CF_8_BYTE_ENC, |
189 64, | 270 64, |
190 64, | 271 64, |
191 SSL_ALL_CIPHERS, | |
192 SSL_ALL_STRENGTHS, | |
193 }, | 272 }, |
194 #endif | 273 #endif |
| 274 |
| 275 #if 0 |
195 /* NULL SSLeay (testing) */ | 276 /* NULL SSLeay (testing) */ |
196 #if 0 | |
197 { | 277 { |
198 0, | 278 0, |
199 SSL2_TXT_NULL, | 279 SSL2_TXT_NULL, |
200 SSL2_CK_NULL, | 280 SSL2_CK_NULL, |
201 0, | 281 0, |
| 282 0, |
| 283 0, |
| 284 0, |
| 285 SSL_SSLV2, |
202 SSL_STRONG_NONE, | 286 SSL_STRONG_NONE, |
203 0, | 287 0, |
204 0, | 288 0, |
205 0, | 289 0, |
206 SSL_ALL_CIPHERS, | |
207 SSL_ALL_STRENGTHS, | |
208 }, | 290 }, |
209 #endif | 291 #endif |
210 | 292 |
211 /* end of list :-) */ | 293 /* end of list :-) */ |
212 }; | 294 }; |
213 | 295 |
214 long ssl2_default_timeout(void) | 296 long ssl2_default_timeout(void) |
215 { | 297 { |
216 return(300); | 298 return(300); |
217 } | 299 } |
218 | 300 |
219 IMPLEMENT_ssl2_meth_func(sslv2_base_method, | |
220 ssl_undefined_function, | |
221 ssl_undefined_function, | |
222 ssl_bad_method) | |
223 | |
224 int ssl2_num_ciphers(void) | 301 int ssl2_num_ciphers(void) |
225 { | 302 { |
226 return(SSL2_NUM_CIPHERS); | 303 return(SSL2_NUM_CIPHERS); |
227 } | 304 } |
228 | 305 |
229 SSL_CIPHER *ssl2_get_cipher(unsigned int u) | 306 const SSL_CIPHER *ssl2_get_cipher(unsigned int u) |
230 { | 307 { |
231 if (u < SSL2_NUM_CIPHERS) | 308 if (u < SSL2_NUM_CIPHERS) |
232 return(&(ssl2_ciphers[SSL2_NUM_CIPHERS-1-u])); | 309 return(&(ssl2_ciphers[SSL2_NUM_CIPHERS-1-u])); |
233 else | 310 else |
234 return(NULL); | 311 return(NULL); |
235 } | 312 } |
236 | 313 |
237 int ssl2_pending(const SSL *s) | 314 int ssl2_pending(const SSL *s) |
238 { | 315 { |
239 return SSL_in_init(s) ? 0 : s->s2->ract_data_length; | 316 return SSL_in_init(s) ? 0 : s->s2->ract_data_length; |
(...skipping 90 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
330 return(0); | 407 return(0); |
331 } | 408 } |
332 | 409 |
333 long ssl2_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) | 410 long ssl2_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) |
334 { | 411 { |
335 return(0); | 412 return(0); |
336 } | 413 } |
337 | 414 |
338 /* This function needs to check if the ciphers required are actually | 415 /* This function needs to check if the ciphers required are actually |
339 * available */ | 416 * available */ |
340 SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p) | 417 const SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p) |
341 { | 418 { |
342 » SSL_CIPHER c,*cp; | 419 » SSL_CIPHER c; |
| 420 » const SSL_CIPHER *cp; |
343 unsigned long id; | 421 unsigned long id; |
344 | 422 |
345 id=0x02000000L|((unsigned long)p[0]<<16L)| | 423 id=0x02000000L|((unsigned long)p[0]<<16L)| |
346 ((unsigned long)p[1]<<8L)|(unsigned long)p[2]; | 424 ((unsigned long)p[1]<<8L)|(unsigned long)p[2]; |
347 c.id=id; | 425 c.id=id; |
348 » cp = (SSL_CIPHER *)OBJ_bsearch((char *)&c, | 426 » cp = OBJ_bsearch_ssl_cipher_id(&c, ssl2_ciphers, SSL2_NUM_CIPHERS); |
349 » » (char *)ssl2_ciphers, | |
350 » » SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER), | |
351 » » FP_ICC ssl_cipher_id_cmp); | |
352 if ((cp == NULL) || (cp->valid == 0)) | 427 if ((cp == NULL) || (cp->valid == 0)) |
353 return NULL; | 428 return NULL; |
354 else | 429 else |
355 return cp; | 430 return cp; |
356 } | 431 } |
357 | 432 |
358 int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) | 433 int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) |
359 { | 434 { |
360 long l; | 435 long l; |
361 | 436 |
362 if (p != NULL) | 437 if (p != NULL) |
363 { | 438 { |
364 l=c->id; | 439 l=c->id; |
365 if ((l & 0xff000000) != 0x02000000) return(0); | 440 if ((l & 0xff000000) != 0x02000000) return(0); |
366 p[0]=((unsigned char)(l>>16L))&0xFF; | 441 p[0]=((unsigned char)(l>>16L))&0xFF; |
367 p[1]=((unsigned char)(l>> 8L))&0xFF; | 442 p[1]=((unsigned char)(l>> 8L))&0xFF; |
368 p[2]=((unsigned char)(l ))&0xFF; | 443 p[2]=((unsigned char)(l ))&0xFF; |
369 } | 444 } |
370 return(3); | 445 return(3); |
371 } | 446 } |
372 | 447 |
373 int ssl2_generate_key_material(SSL *s) | 448 int ssl2_generate_key_material(SSL *s) |
374 { | 449 { |
375 unsigned int i; | 450 unsigned int i; |
376 EVP_MD_CTX ctx; | 451 EVP_MD_CTX ctx; |
377 unsigned char *km; | 452 unsigned char *km; |
378 unsigned char c='0'; | 453 unsigned char c='0'; |
379 const EVP_MD *md5; | 454 const EVP_MD *md5; |
| 455 int md_size; |
380 | 456 |
381 md5 = EVP_md5(); | 457 md5 = EVP_md5(); |
382 | 458 |
383 #ifdef CHARSET_EBCDIC | 459 #ifdef CHARSET_EBCDIC |
384 c = os_toascii['0']; /* Must be an ASCII '0', not EBCDIC '0', | 460 c = os_toascii['0']; /* Must be an ASCII '0', not EBCDIC '0', |
385 see SSLv2 docu */ | 461 see SSLv2 docu */ |
386 #endif | 462 #endif |
387 EVP_MD_CTX_init(&ctx); | 463 EVP_MD_CTX_init(&ctx); |
388 km=s->s2->key_material; | 464 km=s->s2->key_material; |
389 | 465 |
390 if (s->session->master_key_length < 0 || | 466 if (s->session->master_key_length < 0 || |
391 s->session->master_key_length > (int)sizeof(s->session->
master_key)) | 467 s->session->master_key_length > (int)sizeof(s->session->
master_key)) |
392 { | 468 { |
393 SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR); | 469 SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR); |
394 return 0; | 470 return 0; |
395 } | 471 } |
396 | 472 » md_size = EVP_MD_size(md5); |
397 » for (i=0; i<s->s2->key_material_length; i += EVP_MD_size(md5)) | 473 » if (md_size < 0) |
| 474 » return 0; |
| 475 » for (i=0; i<s->s2->key_material_length; i += md_size) |
398 { | 476 { |
399 » » if (((km - s->s2->key_material) + EVP_MD_size(md5)) > | 477 » » if (((km - s->s2->key_material) + md_size) > |
400 (int)sizeof(s->s2->key_material)) | 478 (int)sizeof(s->s2->key_material)) |
401 { | 479 { |
402 /* EVP_DigestFinal_ex() below would write beyond buffer
*/ | 480 /* EVP_DigestFinal_ex() below would write beyond buffer
*/ |
403 SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_
ERROR); | 481 SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_
ERROR); |
404 return 0; | 482 return 0; |
405 } | 483 } |
406 | 484 |
407 EVP_DigestInit_ex(&ctx, md5, NULL); | 485 EVP_DigestInit_ex(&ctx, md5, NULL); |
408 | 486 |
409 OPENSSL_assert(s->session->master_key_length >= 0 | 487 OPENSSL_assert(s->session->master_key_length >= 0 |
410 && s->session->master_key_length | 488 && s->session->master_key_length |
411 < (int)sizeof(s->session->master_key)); | 489 < (int)sizeof(s->session->master_key)); |
412 EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_
key_length); | 490 EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_
key_length); |
413 EVP_DigestUpdate(&ctx,&c,1); | 491 EVP_DigestUpdate(&ctx,&c,1); |
414 c++; | 492 c++; |
415 EVP_DigestUpdate(&ctx,s->s2->challenge,s->s2->challenge_length); | 493 EVP_DigestUpdate(&ctx,s->s2->challenge,s->s2->challenge_length); |
416 EVP_DigestUpdate(&ctx,s->s2->conn_id,s->s2->conn_id_length); | 494 EVP_DigestUpdate(&ctx,s->s2->conn_id,s->s2->conn_id_length); |
417 EVP_DigestFinal_ex(&ctx,km,NULL); | 495 EVP_DigestFinal_ex(&ctx,km,NULL); |
418 » » km += EVP_MD_size(md5); | 496 » » km += md_size; |
419 } | 497 } |
420 | 498 |
421 EVP_MD_CTX_cleanup(&ctx); | 499 EVP_MD_CTX_cleanup(&ctx); |
422 return 1; | 500 return 1; |
423 } | 501 } |
424 | 502 |
425 void ssl2_return_error(SSL *s, int err) | 503 void ssl2_return_error(SSL *s, int err) |
426 { | 504 { |
427 if (!s->error) | 505 if (!s->error) |
428 { | 506 { |
(...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
469 s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); | 547 s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); |
470 return(1); | 548 return(1); |
471 } | 549 } |
472 #else /* !OPENSSL_NO_SSL2 */ | 550 #else /* !OPENSSL_NO_SSL2 */ |
473 | 551 |
474 # if PEDANTIC | 552 # if PEDANTIC |
475 static void *dummy=&dummy; | 553 static void *dummy=&dummy; |
476 # endif | 554 # endif |
477 | 555 |
478 #endif | 556 #endif |
OLD | NEW |