OLD | NEW |
1 /* ssl/s2_srvr.c */ | 1 /* ssl/s2_srvr.c */ |
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
3 * All rights reserved. | 3 * All rights reserved. |
4 * | 4 * |
5 * This package is an SSL implementation written | 5 * This package is an SSL implementation written |
6 * by Eric Young (eay@cryptsoft.com). | 6 * by Eric Young (eay@cryptsoft.com). |
7 * The implementation was written so as to conform with Netscapes SSL. | 7 * The implementation was written so as to conform with Netscapes SSL. |
8 * | 8 * |
9 * This library is free for commercial and non-commercial use as long as | 9 * This library is free for commercial and non-commercial use as long as |
10 * the following conditions are aheared to. The following conditions | 10 * the following conditions are aheared to. The following conditions |
(...skipping 99 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
110 */ | 110 */ |
111 | 111 |
112 #include "ssl_locl.h" | 112 #include "ssl_locl.h" |
113 #ifndef OPENSSL_NO_SSL2 | 113 #ifndef OPENSSL_NO_SSL2 |
114 #include <stdio.h> | 114 #include <stdio.h> |
115 #include <openssl/bio.h> | 115 #include <openssl/bio.h> |
116 #include <openssl/rand.h> | 116 #include <openssl/rand.h> |
117 #include <openssl/objects.h> | 117 #include <openssl/objects.h> |
118 #include <openssl/evp.h> | 118 #include <openssl/evp.h> |
119 | 119 |
120 static SSL_METHOD *ssl2_get_server_method(int ver); | 120 static const SSL_METHOD *ssl2_get_server_method(int ver); |
121 static int get_client_master_key(SSL *s); | 121 static int get_client_master_key(SSL *s); |
122 static int get_client_hello(SSL *s); | 122 static int get_client_hello(SSL *s); |
123 static int server_hello(SSL *s); | 123 static int server_hello(SSL *s); |
124 static int get_client_finished(SSL *s); | 124 static int get_client_finished(SSL *s); |
125 static int server_verify(SSL *s); | 125 static int server_verify(SSL *s); |
126 static int server_finish(SSL *s); | 126 static int server_finish(SSL *s); |
127 static int request_certificate(SSL *s); | 127 static int request_certificate(SSL *s); |
128 static int ssl_rsa_private_decrypt(CERT *c, int len, unsigned char *from, | 128 static int ssl_rsa_private_decrypt(CERT *c, int len, unsigned char *from, |
129 unsigned char *to,int padding); | 129 unsigned char *to,int padding); |
130 #define BREAK break | 130 #define BREAK break |
131 | 131 |
132 static SSL_METHOD *ssl2_get_server_method(int ver) | 132 static const SSL_METHOD *ssl2_get_server_method(int ver) |
133 { | 133 { |
134 if (ver == SSL2_VERSION) | 134 if (ver == SSL2_VERSION) |
135 return(SSLv2_server_method()); | 135 return(SSLv2_server_method()); |
136 else | 136 else |
137 return(NULL); | 137 return(NULL); |
138 } | 138 } |
139 | 139 |
140 IMPLEMENT_ssl2_meth_func(SSLv2_server_method, | 140 IMPLEMENT_ssl2_meth_func(SSLv2_server_method, |
141 ssl2_accept, | 141 ssl2_accept, |
142 ssl_undefined_function, | 142 ssl_undefined_function, |
(...skipping 216 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
359 if (cb != NULL) | 359 if (cb != NULL) |
360 cb(s,SSL_CB_ACCEPT_EXIT,ret); | 360 cb(s,SSL_CB_ACCEPT_EXIT,ret); |
361 return(ret); | 361 return(ret); |
362 } | 362 } |
363 | 363 |
364 static int get_client_master_key(SSL *s) | 364 static int get_client_master_key(SSL *s) |
365 { | 365 { |
366 int is_export,i,n,keya,ek; | 366 int is_export,i,n,keya,ek; |
367 unsigned long len; | 367 unsigned long len; |
368 unsigned char *p; | 368 unsigned char *p; |
369 » SSL_CIPHER *cp; | 369 » const SSL_CIPHER *cp; |
370 const EVP_CIPHER *c; | 370 const EVP_CIPHER *c; |
371 const EVP_MD *md; | 371 const EVP_MD *md; |
372 | 372 |
373 p=(unsigned char *)s->init_buf->data; | 373 p=(unsigned char *)s->init_buf->data; |
374 if (s->state == SSL2_ST_GET_CLIENT_MASTER_KEY_A) | 374 if (s->state == SSL2_ST_GET_CLIENT_MASTER_KEY_A) |
375 { | 375 { |
376 i=ssl2_read(s,(char *)&(p[s->init_num]),10-s->init_num); | 376 i=ssl2_read(s,(char *)&(p[s->init_num]),10-s->init_num); |
377 | 377 |
378 if (i < (10-s->init_num)) | 378 if (i < (10-s->init_num)) |
379 return(ssl2_part_read(s,SSL_F_GET_CLIENT_MASTER_KEY,i)); | 379 return(ssl2_part_read(s,SSL_F_GET_CLIENT_MASTER_KEY,i)); |
(...skipping 16 matching lines...) Expand all Loading... |
396 { | 396 { |
397 ssl2_return_error(s,SSL2_PE_NO_CIPHER); | 397 ssl2_return_error(s,SSL2_PE_NO_CIPHER); |
398 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_NO_CIPHER_MATC
H); | 398 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_NO_CIPHER_MATC
H); |
399 return(-1); | 399 return(-1); |
400 } | 400 } |
401 s->session->cipher= cp; | 401 s->session->cipher= cp; |
402 | 402 |
403 p+=3; | 403 p+=3; |
404 n2s(p,i); s->s2->tmp.clear=i; | 404 n2s(p,i); s->s2->tmp.clear=i; |
405 n2s(p,i); s->s2->tmp.enc=i; | 405 n2s(p,i); s->s2->tmp.enc=i; |
406 » » n2s(p,i); s->session->key_arg_length=i; | 406 » » n2s(p,i); |
407 » » if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH) | 407 » » if(i > SSL_MAX_KEY_ARG_LENGTH) |
408 { | 408 { |
409 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); | 409 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); |
410 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_KEY_ARG_TOO_LO
NG); | 410 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_KEY_ARG_TOO_LO
NG); |
411 return -1; | 411 return -1; |
412 } | 412 } |
| 413 s->session->key_arg_length=i; |
413 s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B; | 414 s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B; |
414 } | 415 } |
415 | 416 |
416 /* SSL2_ST_GET_CLIENT_MASTER_KEY_B */ | 417 /* SSL2_ST_GET_CLIENT_MASTER_KEY_B */ |
417 p=(unsigned char *)s->init_buf->data; | 418 p=(unsigned char *)s->init_buf->data; |
418 if (s->init_buf->length < SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) | 419 if (s->init_buf->length < SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) |
419 { | 420 { |
420 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); | 421 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); |
421 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR); | 422 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR); |
422 return -1; | 423 return -1; |
(...skipping 21 matching lines...) Expand all Loading... |
444 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); | 445 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); |
445 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_NO_PRIVATEKEY); | 446 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_NO_PRIVATEKEY); |
446 return(-1); | 447 return(-1); |
447 } | 448 } |
448 i=ssl_rsa_private_decrypt(s->cert,s->s2->tmp.enc, | 449 i=ssl_rsa_private_decrypt(s->cert,s->s2->tmp.enc, |
449 &(p[s->s2->tmp.clear]),&(p[s->s2->tmp.clear]), | 450 &(p[s->s2->tmp.clear]),&(p[s->s2->tmp.clear]), |
450 (s->s2->ssl2_rollback)?RSA_SSLV23_PADDING:RSA_PKCS1_PADDING); | 451 (s->s2->ssl2_rollback)?RSA_SSLV23_PADDING:RSA_PKCS1_PADDING); |
451 | 452 |
452 is_export=SSL_C_IS_EXPORT(s->session->cipher); | 453 is_export=SSL_C_IS_EXPORT(s->session->cipher); |
453 | 454 |
454 » if (!ssl_cipher_get_evp(s->session,&c,&md,NULL)) | 455 » if (!ssl_cipher_get_evp(s->session,&c,&md,NULL,NULL,NULL)) |
455 { | 456 { |
456 ssl2_return_error(s,SSL2_PE_NO_CIPHER); | 457 ssl2_return_error(s,SSL2_PE_NO_CIPHER); |
457 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_PROBLEMS_MAPPING_CIPHER
_FUNCTIONS); | 458 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_PROBLEMS_MAPPING_CIPHER
_FUNCTIONS); |
458 return(0); | 459 return(0); |
459 } | 460 } |
460 | 461 |
461 if (s->session->cipher->algorithm2 & SSL2_CF_8_BYTE_ENC) | 462 if (s->session->cipher->algorithm2 & SSL2_CF_8_BYTE_ENC) |
462 { | 463 { |
463 is_export=1; | 464 is_export=1; |
464 ek=8; | 465 ek=8; |
(...skipping 225 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
690 return(1); | 691 return(1); |
691 mem_err: | 692 mem_err: |
692 SSLerr(SSL_F_GET_CLIENT_HELLO,ERR_R_MALLOC_FAILURE); | 693 SSLerr(SSL_F_GET_CLIENT_HELLO,ERR_R_MALLOC_FAILURE); |
693 return(0); | 694 return(0); |
694 } | 695 } |
695 | 696 |
696 static int server_hello(SSL *s) | 697 static int server_hello(SSL *s) |
697 { | 698 { |
698 unsigned char *p,*d; | 699 unsigned char *p,*d; |
699 int n,hit; | 700 int n,hit; |
700 STACK_OF(SSL_CIPHER) *sk; | |
701 | 701 |
702 p=(unsigned char *)s->init_buf->data; | 702 p=(unsigned char *)s->init_buf->data; |
703 if (s->state == SSL2_ST_SEND_SERVER_HELLO_A) | 703 if (s->state == SSL2_ST_SEND_SERVER_HELLO_A) |
704 { | 704 { |
705 d=p+11; | 705 d=p+11; |
706 *(p++)=SSL2_MT_SERVER_HELLO; /* type */ | 706 *(p++)=SSL2_MT_SERVER_HELLO; /* type */ |
707 hit=s->hit; | 707 hit=s->hit; |
708 *(p++)=(unsigned char)hit; | 708 *(p++)=(unsigned char)hit; |
709 #if 1 | 709 #if 1 |
710 if (!hit) | 710 if (!hit) |
(...skipping 60 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
771 /* put certificate type */ | 771 /* put certificate type */ |
772 *(p++)=SSL2_CT_X509_CERTIFICATE; | 772 *(p++)=SSL2_CT_X509_CERTIFICATE; |
773 s2n(s->version,p); /* version */ | 773 s2n(s->version,p); /* version */ |
774 n=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,NULL); | 774 n=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,NULL); |
775 s2n(n,p); /* certificate length */ | 775 s2n(n,p); /* certificate length */ |
776 i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,&d); | 776 i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,&d); |
777 n=0; | 777 n=0; |
778 | 778 |
779 /* lets send out the ciphers we like in the | 779 /* lets send out the ciphers we like in the |
780 * prefered order */ | 780 * prefered order */ |
781 sk= s->session->ciphers; | |
782 n=ssl_cipher_list_to_bytes(s,s->session->ciphers,d,0); | 781 n=ssl_cipher_list_to_bytes(s,s->session->ciphers,d,0); |
783 d+=n; | 782 d+=n; |
784 s2n(n,p); /* add cipher length */ | 783 s2n(n,p); /* add cipher length */ |
785 } | 784 } |
786 | 785 |
787 /* make and send conn_id */ | 786 /* make and send conn_id */ |
788 s2n(SSL2_CONNECTION_ID_LENGTH,p); /* add conn_id length */ | 787 s2n(SSL2_CONNECTION_ID_LENGTH,p); /* add conn_id length */ |
789 s->s2->conn_id_length=SSL2_CONNECTION_ID_LENGTH; | 788 s->s2->conn_id_length=SSL2_CONNECTION_ID_LENGTH; |
790 if (RAND_pseudo_bytes(s->s2->conn_id,(int)s->s2->conn_id_length)
<= 0) | 789 if (RAND_pseudo_bytes(s->s2->conn_id,(int)s->s2->conn_id_length)
<= 0) |
791 return -1; | 790 return -1; |
(...skipping 342 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1134 SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT,ERR_R_RSA_LIB); | 1133 SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT,ERR_R_RSA_LIB); |
1135 return(i); | 1134 return(i); |
1136 } | 1135 } |
1137 #else /* !OPENSSL_NO_SSL2 */ | 1136 #else /* !OPENSSL_NO_SSL2 */ |
1138 | 1137 |
1139 # if PEDANTIC | 1138 # if PEDANTIC |
1140 static void *dummy=&dummy; | 1139 static void *dummy=&dummy; |
1141 # endif | 1140 # endif |
1142 | 1141 |
1143 #endif | 1142 #endif |
OLD | NEW |