| OLD | NEW |
|---|
| 1 /* ssl/s2_srvr.c */ | 1 /* ssl/s2_srvr.c */ |
| 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 * All rights reserved. | 3 * All rights reserved. |
| 4 * | 4 * |
| 5 * This package is an SSL implementation written | 5 * This package is an SSL implementation written |
| 6 * by Eric Young (eay@cryptsoft.com). | 6 * by Eric Young (eay@cryptsoft.com). |
| 7 * The implementation was written so as to conform with Netscapes SSL. | 7 * The implementation was written so as to conform with Netscapes SSL. |
| 8 * | 8 * |
| 9 * This library is free for commercial and non-commercial use as long as | 9 * This library is free for commercial and non-commercial use as long as |
| 10 * the following conditions are aheared to. The following conditions | 10 * the following conditions are aheared to. The following conditions |
| (...skipping 99 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 110 */ | 110 */ |
| 111 | 111 |
| 112 #include "ssl_locl.h" | 112 #include "ssl_locl.h" |
| 113 #ifndef OPENSSL_NO_SSL2 | 113 #ifndef OPENSSL_NO_SSL2 |
| 114 #include <stdio.h> | 114 #include <stdio.h> |
| 115 #include <openssl/bio.h> | 115 #include <openssl/bio.h> |
| 116 #include <openssl/rand.h> | 116 #include <openssl/rand.h> |
| 117 #include <openssl/objects.h> | 117 #include <openssl/objects.h> |
| 118 #include <openssl/evp.h> | 118 #include <openssl/evp.h> |
| 119 | 119 |
| 120 static SSL_METHOD *ssl2_get_server_method(int ver); | 120 static const SSL_METHOD *ssl2_get_server_method(int ver); |
| 121 static int get_client_master_key(SSL *s); | 121 static int get_client_master_key(SSL *s); |
| 122 static int get_client_hello(SSL *s); | 122 static int get_client_hello(SSL *s); |
| 123 static int server_hello(SSL *s); | 123 static int server_hello(SSL *s); |
| 124 static int get_client_finished(SSL *s); | 124 static int get_client_finished(SSL *s); |
| 125 static int server_verify(SSL *s); | 125 static int server_verify(SSL *s); |
| 126 static int server_finish(SSL *s); | 126 static int server_finish(SSL *s); |
| 127 static int request_certificate(SSL *s); | 127 static int request_certificate(SSL *s); |
| 128 static int ssl_rsa_private_decrypt(CERT *c, int len, unsigned char *from, | 128 static int ssl_rsa_private_decrypt(CERT *c, int len, unsigned char *from, |
| 129 unsigned char *to,int padding); | 129 unsigned char *to,int padding); |
| 130 #define BREAK break | 130 #define BREAK break |
| 131 | 131 |
| 132 static SSL_METHOD *ssl2_get_server_method(int ver) | 132 static const SSL_METHOD *ssl2_get_server_method(int ver) |
| 133 { | 133 { |
| 134 if (ver == SSL2_VERSION) | 134 if (ver == SSL2_VERSION) |
| 135 return(SSLv2_server_method()); | 135 return(SSLv2_server_method()); |
| 136 else | 136 else |
| 137 return(NULL); | 137 return(NULL); |
| 138 } | 138 } |
| 139 | 139 |
| 140 IMPLEMENT_ssl2_meth_func(SSLv2_server_method, | 140 IMPLEMENT_ssl2_meth_func(SSLv2_server_method, |
| 141 ssl2_accept, | 141 ssl2_accept, |
| 142 ssl_undefined_function, | 142 ssl_undefined_function, |
| (...skipping 216 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 359 if (cb != NULL) | 359 if (cb != NULL) |
| 360 cb(s,SSL_CB_ACCEPT_EXIT,ret); | 360 cb(s,SSL_CB_ACCEPT_EXIT,ret); |
| 361 return(ret); | 361 return(ret); |
| 362 } | 362 } |
| 363 | 363 |
| 364 static int get_client_master_key(SSL *s) | 364 static int get_client_master_key(SSL *s) |
| 365 { | 365 { |
| 366 int is_export,i,n,keya,ek; | 366 int is_export,i,n,keya,ek; |
| 367 unsigned long len; | 367 unsigned long len; |
| 368 unsigned char *p; | 368 unsigned char *p; |
| 369 » SSL_CIPHER *cp; | 369 » const SSL_CIPHER *cp; |
| 370 const EVP_CIPHER *c; | 370 const EVP_CIPHER *c; |
| 371 const EVP_MD *md; | 371 const EVP_MD *md; |
| 372 | 372 |
| 373 p=(unsigned char *)s->init_buf->data; | 373 p=(unsigned char *)s->init_buf->data; |
| 374 if (s->state == SSL2_ST_GET_CLIENT_MASTER_KEY_A) | 374 if (s->state == SSL2_ST_GET_CLIENT_MASTER_KEY_A) |
| 375 { | 375 { |
| 376 i=ssl2_read(s,(char *)&(p[s->init_num]),10-s->init_num); | 376 i=ssl2_read(s,(char *)&(p[s->init_num]),10-s->init_num); |
| 377 | 377 |
| 378 if (i < (10-s->init_num)) | 378 if (i < (10-s->init_num)) |
| 379 return(ssl2_part_read(s,SSL_F_GET_CLIENT_MASTER_KEY,i)); | 379 return(ssl2_part_read(s,SSL_F_GET_CLIENT_MASTER_KEY,i)); |
| (...skipping 16 matching lines...) Expand all Loading... |
| 396 { | 396 { |
| 397 ssl2_return_error(s,SSL2_PE_NO_CIPHER); | 397 ssl2_return_error(s,SSL2_PE_NO_CIPHER); |
| 398 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_NO_CIPHER_MATC
H); | 398 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_NO_CIPHER_MATC
H); |
| 399 return(-1); | 399 return(-1); |
| 400 } | 400 } |
| 401 s->session->cipher= cp; | 401 s->session->cipher= cp; |
| 402 | 402 |
| 403 p+=3; | 403 p+=3; |
| 404 n2s(p,i); s->s2->tmp.clear=i; | 404 n2s(p,i); s->s2->tmp.clear=i; |
| 405 n2s(p,i); s->s2->tmp.enc=i; | 405 n2s(p,i); s->s2->tmp.enc=i; |
| 406 » » n2s(p,i); s->session->key_arg_length=i; | 406 » » n2s(p,i); |
| 407 » » if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH) | 407 » » if(i > SSL_MAX_KEY_ARG_LENGTH) |
| 408 { | 408 { |
| 409 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); | 409 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); |
| 410 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_KEY_ARG_TOO_LO
NG); | 410 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_KEY_ARG_TOO_LO
NG); |
| 411 return -1; | 411 return -1; |
| 412 } | 412 } |
| 413 s->session->key_arg_length=i; |
| 413 s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B; | 414 s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B; |
| 414 } | 415 } |
| 415 | 416 |
| 416 /* SSL2_ST_GET_CLIENT_MASTER_KEY_B */ | 417 /* SSL2_ST_GET_CLIENT_MASTER_KEY_B */ |
| 417 p=(unsigned char *)s->init_buf->data; | 418 p=(unsigned char *)s->init_buf->data; |
| 418 if (s->init_buf->length < SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) | 419 if (s->init_buf->length < SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) |
| 419 { | 420 { |
| 420 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); | 421 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); |
| 421 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR); | 422 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR); |
| 422 return -1; | 423 return -1; |
| (...skipping 21 matching lines...) Expand all Loading... |
| 444 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); | 445 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); |
| 445 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_NO_PRIVATEKEY); | 446 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_NO_PRIVATEKEY); |
| 446 return(-1); | 447 return(-1); |
| 447 } | 448 } |
| 448 i=ssl_rsa_private_decrypt(s->cert,s->s2->tmp.enc, | 449 i=ssl_rsa_private_decrypt(s->cert,s->s2->tmp.enc, |
| 449 &(p[s->s2->tmp.clear]),&(p[s->s2->tmp.clear]), | 450 &(p[s->s2->tmp.clear]),&(p[s->s2->tmp.clear]), |
| 450 (s->s2->ssl2_rollback)?RSA_SSLV23_PADDING:RSA_PKCS1_PADDING); | 451 (s->s2->ssl2_rollback)?RSA_SSLV23_PADDING:RSA_PKCS1_PADDING); |
| 451 | 452 |
| 452 is_export=SSL_C_IS_EXPORT(s->session->cipher); | 453 is_export=SSL_C_IS_EXPORT(s->session->cipher); |
| 453 | 454 |
| 454 » if (!ssl_cipher_get_evp(s->session,&c,&md,NULL)) | 455 » if (!ssl_cipher_get_evp(s->session,&c,&md,NULL,NULL,NULL)) |
| 455 { | 456 { |
| 456 ssl2_return_error(s,SSL2_PE_NO_CIPHER); | 457 ssl2_return_error(s,SSL2_PE_NO_CIPHER); |
| 457 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_PROBLEMS_MAPPING_CIPHER
_FUNCTIONS); | 458 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_PROBLEMS_MAPPING_CIPHER
_FUNCTIONS); |
| 458 return(0); | 459 return(0); |
| 459 } | 460 } |
| 460 | 461 |
| 461 if (s->session->cipher->algorithm2 & SSL2_CF_8_BYTE_ENC) | 462 if (s->session->cipher->algorithm2 & SSL2_CF_8_BYTE_ENC) |
| 462 { | 463 { |
| 463 is_export=1; | 464 is_export=1; |
| 464 ek=8; | 465 ek=8; |
| (...skipping 225 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 690 return(1); | 691 return(1); |
| 691 mem_err: | 692 mem_err: |
| 692 SSLerr(SSL_F_GET_CLIENT_HELLO,ERR_R_MALLOC_FAILURE); | 693 SSLerr(SSL_F_GET_CLIENT_HELLO,ERR_R_MALLOC_FAILURE); |
| 693 return(0); | 694 return(0); |
| 694 } | 695 } |
| 695 | 696 |
| 696 static int server_hello(SSL *s) | 697 static int server_hello(SSL *s) |
| 697 { | 698 { |
| 698 unsigned char *p,*d; | 699 unsigned char *p,*d; |
| 699 int n,hit; | 700 int n,hit; |
| 700 STACK_OF(SSL_CIPHER) *sk; | |
| 701 | 701 |
| 702 p=(unsigned char *)s->init_buf->data; | 702 p=(unsigned char *)s->init_buf->data; |
| 703 if (s->state == SSL2_ST_SEND_SERVER_HELLO_A) | 703 if (s->state == SSL2_ST_SEND_SERVER_HELLO_A) |
| 704 { | 704 { |
| 705 d=p+11; | 705 d=p+11; |
| 706 *(p++)=SSL2_MT_SERVER_HELLO; /* type */ | 706 *(p++)=SSL2_MT_SERVER_HELLO; /* type */ |
| 707 hit=s->hit; | 707 hit=s->hit; |
| 708 *(p++)=(unsigned char)hit; | 708 *(p++)=(unsigned char)hit; |
| 709 #if 1 | 709 #if 1 |
| 710 if (!hit) | 710 if (!hit) |
| (...skipping 60 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 771 /* put certificate type */ | 771 /* put certificate type */ |
| 772 *(p++)=SSL2_CT_X509_CERTIFICATE; | 772 *(p++)=SSL2_CT_X509_CERTIFICATE; |
| 773 s2n(s->version,p); /* version */ | 773 s2n(s->version,p); /* version */ |
| 774 n=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,NULL); | 774 n=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,NULL); |
| 775 s2n(n,p); /* certificate length */ | 775 s2n(n,p); /* certificate length */ |
| 776 i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,&d); | 776 i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,&d); |
| 777 n=0; | 777 n=0; |
| 778 | 778 |
| 779 /* lets send out the ciphers we like in the | 779 /* lets send out the ciphers we like in the |
| 780 * prefered order */ | 780 * prefered order */ |
| 781 sk= s->session->ciphers; | |
| 782 n=ssl_cipher_list_to_bytes(s,s->session->ciphers,d,0); | 781 n=ssl_cipher_list_to_bytes(s,s->session->ciphers,d,0); |
| 783 d+=n; | 782 d+=n; |
| 784 s2n(n,p); /* add cipher length */ | 783 s2n(n,p); /* add cipher length */ |
| 785 } | 784 } |
| 786 | 785 |
| 787 /* make and send conn_id */ | 786 /* make and send conn_id */ |
| 788 s2n(SSL2_CONNECTION_ID_LENGTH,p); /* add conn_id length */ | 787 s2n(SSL2_CONNECTION_ID_LENGTH,p); /* add conn_id length */ |
| 789 s->s2->conn_id_length=SSL2_CONNECTION_ID_LENGTH; | 788 s->s2->conn_id_length=SSL2_CONNECTION_ID_LENGTH; |
| 790 if (RAND_pseudo_bytes(s->s2->conn_id,(int)s->s2->conn_id_length)
<= 0) | 789 if (RAND_pseudo_bytes(s->s2->conn_id,(int)s->s2->conn_id_length)
<= 0) |
| 791 return -1; | 790 return -1; |
| (...skipping 342 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1134 SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT,ERR_R_RSA_LIB); | 1133 SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT,ERR_R_RSA_LIB); |
| 1135 return(i); | 1134 return(i); |
| 1136 } | 1135 } |
| 1137 #else /* !OPENSSL_NO_SSL2 */ | 1136 #else /* !OPENSSL_NO_SSL2 */ |
| 1138 | 1137 |
| 1139 # if PEDANTIC | 1138 # if PEDANTIC |
| 1140 static void *dummy=&dummy; | 1139 static void *dummy=&dummy; |
| 1141 # endif | 1140 # endif |
| 1142 | 1141 |
| 1143 #endif | 1142 #endif |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 9254031:
Upgrade chrome's OpenSSL to same version Android ships with. (Closed)
Base URL: http://src.chromium.org/svn/trunk/deps/third_party/openssl/