Cross Reference: /freebsd-11-stable/crypto/openssl/ssl/s2

Deleted Added

sdiff udiff text old ( 142428 ) new ( 160817 )

full compact

s2_srvr.c (142428)	s2_srvr.c (160817)
1/* ssl/s2_srvr.c / 2/ Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 / 58/ ==================================================================== 59 * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. 60 * 61 * Redistribution and use in source and binary forms, with or without 62 * modification, are permitted provided that the following conditions 63 * are met: 64 * 65 * 1. Redistributions of source code must retain the above copyright 66 * notice, this list of conditions and the following disclaimer. 67 * 68 * 2. Redistributions in binary form must reproduce the above copyright 69 * notice, this list of conditions and the following disclaimer in 70 * the documentation and/or other materials provided with the 71 * distribution. 72 * 73 * 3. All advertising materials mentioning features or use of this 74 * software must display the following acknowledgment: 75 * "This product includes software developed by the OpenSSL Project 76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 77 * 78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 79 * endorse or promote products derived from this software without 80 * prior written permission. For written permission, please contact 81 * openssl-core@openssl.org. 82 * 83 * 5. Products derived from this software may not be called "OpenSSL" 84 * nor may "OpenSSL" appear in their names without prior written 85 * permission of the OpenSSL Project. 86 * 87 * 6. Redistributions of any form whatsoever must retain the following 88 * acknowledgment: 89 * "This product includes software developed by the OpenSSL Project 90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 91 * 92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 103 * OF THE POSSIBILITY OF SUCH DAMAGE. 104 * ==================================================================== 105 * 106 * This product includes cryptographic software written by Eric Young 107 * (eay@cryptsoft.com). This product includes software written by Tim 108 * Hudson (tjh@cryptsoft.com). 109 * 110 / 111* 112#include "ssl_locl.h" 113#ifndef OPENSSL_NO_SSL2 114#include <stdio.h> 115#include <openssl/bio.h> 116#include <openssl/rand.h> 117#include <openssl/objects.h> 118#include <openssl/evp.h> 119 120static SSL_METHOD ssl2_get_server_method(int ver); 121static int get_client_master_key(SSL s); 122static int get_client_hello(SSL s); 123static int server_hello(SSL s); 124static int get_client_finished(SSL s); 125static int server_verify(SSL s); 126static int server_finish(SSL s); 127static int request_certificate(SSL s); 128static int ssl_rsa_private_decrypt(CERT c, int len, unsigned char from, 129 unsigned char to,int padding); 130#define BREAK break 131* 132static SSL_METHOD ssl2_get_server_method(int ver) 133* { 134 if (ver == SSL2_VERSION) 135 return(SSLv2_server_method()); 136 else 137 return(NULL); 138 } 139	1/* ssl/s2_srvr.c / 2/ Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 / 58/ ==================================================================== 59 * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. 60 * 61 * Redistribution and use in source and binary forms, with or without 62 * modification, are permitted provided that the following conditions 63 * are met: 64 * 65 * 1. Redistributions of source code must retain the above copyright 66 * notice, this list of conditions and the following disclaimer. 67 * 68 * 2. Redistributions in binary form must reproduce the above copyright 69 * notice, this list of conditions and the following disclaimer in 70 * the documentation and/or other materials provided with the 71 * distribution. 72 * 73 * 3. All advertising materials mentioning features or use of this 74 * software must display the following acknowledgment: 75 * "This product includes software developed by the OpenSSL Project 76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 77 * 78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 79 * endorse or promote products derived from this software without 80 * prior written permission. For written permission, please contact 81 * openssl-core@openssl.org. 82 * 83 * 5. Products derived from this software may not be called "OpenSSL" 84 * nor may "OpenSSL" appear in their names without prior written 85 * permission of the OpenSSL Project. 86 * 87 * 6. Redistributions of any form whatsoever must retain the following 88 * acknowledgment: 89 * "This product includes software developed by the OpenSSL Project 90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 91 * 92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 103 * OF THE POSSIBILITY OF SUCH DAMAGE. 104 * ==================================================================== 105 * 106 * This product includes cryptographic software written by Eric Young 107 * (eay@cryptsoft.com). This product includes software written by Tim 108 * Hudson (tjh@cryptsoft.com). 109 * 110 / 111* 112#include "ssl_locl.h" 113#ifndef OPENSSL_NO_SSL2 114#include <stdio.h> 115#include <openssl/bio.h> 116#include <openssl/rand.h> 117#include <openssl/objects.h> 118#include <openssl/evp.h> 119 120static SSL_METHOD ssl2_get_server_method(int ver); 121static int get_client_master_key(SSL s); 122static int get_client_hello(SSL s); 123static int server_hello(SSL s); 124static int get_client_finished(SSL s); 125static int server_verify(SSL s); 126static int server_finish(SSL s); 127static int request_certificate(SSL s); 128static int ssl_rsa_private_decrypt(CERT c, int len, unsigned char from, 129 unsigned char to,int padding); 130#define BREAK break 131* 132static SSL_METHOD ssl2_get_server_method(int ver) 133* { 134 if (ver == SSL2_VERSION) 135 return(SSLv2_server_method()); 136 else 137 return(NULL); 138 } 139
140SSL_METHOD SSLv2_server_method(void) 141* { 142 static int init=1; 143 static SSL_METHOD SSLv2_server_data;	140IMPLEMENT_ssl2_meth_func(SSLv2_server_method, 141 ssl2_accept, 142 ssl_undefined_function, 143 ssl2_get_server_method)
144	144
145 if (init) 146 { 147 CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); 148 149 if (init) 150 { 151 memcpy((char )&SSLv2_server_data,(char )sslv2_base_method(), 152 sizeof(SSL_METHOD)); 153 SSLv2_server_data.ssl_accept=ssl2_accept; 154 SSLv2_server_data.get_ssl_method=ssl2_get_server_method; 155 init=0; 156 } 157 158 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); 159 } 160 return(&SSLv2_server_data); 161 } 162
163int ssl2_accept(SSL s) 164* {	145int ssl2_accept(SSL s) 146* {
165 unsigned long l=time(NULL);	147 unsigned long l=(unsigned long)time(NULL);
166 BUF_MEM buf=NULL; 167* int ret= -1; 168 long num1; 169 void (cb)(const SSL ssl,int type,int val)=NULL; 170 int new_state,state; 171 172 RAND_add(&l,sizeof(l),0); 173 ERR_clear_error(); 174 clear_sys_error(); 175 176 if (s->info_callback != NULL) 177 cb=s->info_callback; 178 else if (s->ctx->info_callback != NULL) 179 cb=s->ctx->info_callback; 180 181 /* init things to blank / 182* s->in_handshake++; 183 if (!SSL_in_init(s) \|\| SSL_in_before(s)) SSL_clear(s); 184 185 if (s->cert == NULL) 186 { 187 SSLerr(SSL_F_SSL2_ACCEPT,SSL_R_NO_CERTIFICATE_SET); 188 return(-1); 189 } 190 191 clear_sys_error(); 192 for (;;) 193 { 194 state=s->state; 195 196 switch (s->state) 197 { 198 case SSL_ST_BEFORE: 199 case SSL_ST_ACCEPT: 200 case SSL_ST_BEFORE\|SSL_ST_ACCEPT: 201 case SSL_ST_OK\|SSL_ST_ACCEPT: 202 203 s->server=1; 204 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); 205 206 s->version=SSL2_VERSION; 207 s->type=SSL_ST_ACCEPT; 208 209 buf=s->init_buf; 210 if ((buf == NULL) && ((buf=BUF_MEM_new()) == NULL)) 211 { ret= -1; goto end; } 212 if (!BUF_MEM_grow(buf,(int) 213 SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)) 214 { ret= -1; goto end; } 215 s->init_buf=buf; 216 s->init_num=0; 217 s->ctx->stats.sess_accept++; 218 s->handshake_func=ssl2_accept; 219 s->state=SSL2_ST_GET_CLIENT_HELLO_A; 220 BREAK; 221 222 case SSL2_ST_GET_CLIENT_HELLO_A: 223 case SSL2_ST_GET_CLIENT_HELLO_B: 224 case SSL2_ST_GET_CLIENT_HELLO_C: 225 s->shutdown=0; 226 ret=get_client_hello(s); 227 if (ret <= 0) goto end; 228 s->init_num=0; 229 s->state=SSL2_ST_SEND_SERVER_HELLO_A; 230 BREAK; 231 232 case SSL2_ST_SEND_SERVER_HELLO_A: 233 case SSL2_ST_SEND_SERVER_HELLO_B: 234 ret=server_hello(s); 235 if (ret <= 0) goto end; 236 s->init_num=0; 237 if (!s->hit) 238 { 239 s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_A; 240 BREAK; 241 } 242 else 243 { 244 s->state=SSL2_ST_SERVER_START_ENCRYPTION; 245 BREAK; 246 } 247 case SSL2_ST_GET_CLIENT_MASTER_KEY_A: 248 case SSL2_ST_GET_CLIENT_MASTER_KEY_B: 249 ret=get_client_master_key(s); 250 if (ret <= 0) goto end; 251 s->init_num=0; 252 s->state=SSL2_ST_SERVER_START_ENCRYPTION; 253 BREAK; 254 255 case SSL2_ST_SERVER_START_ENCRYPTION: 256 /* Ok we how have sent all the stuff needed to 257 * start encrypting, the next packet back will 258 * be encrypted. / 259* if (!ssl2_enc_init(s,0)) 260 { ret= -1; goto end; } 261 s->s2->clear_text=0; 262 s->state=SSL2_ST_SEND_SERVER_VERIFY_A; 263 BREAK; 264 265 case SSL2_ST_SEND_SERVER_VERIFY_A: 266 case SSL2_ST_SEND_SERVER_VERIFY_B: 267 ret=server_verify(s); 268 if (ret <= 0) goto end; 269 s->init_num=0; 270 if (s->hit) 271 { 272 /* If we are in here, we have been 273 * buffering the output, so we need to 274 * flush it and remove buffering from 275 * future traffic / 276* s->state=SSL2_ST_SEND_SERVER_VERIFY_C; 277 BREAK; 278 } 279 else 280 { 281 s->state=SSL2_ST_GET_CLIENT_FINISHED_A; 282 break; 283 } 284 285 case SSL2_ST_SEND_SERVER_VERIFY_C: 286 /* get the number of bytes to write / 287* num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL); 288 if (num1 != 0) 289 { 290 s->rwstate=SSL_WRITING; 291 num1=BIO_flush(s->wbio); 292 if (num1 <= 0) { ret= -1; goto end; } 293 s->rwstate=SSL_NOTHING; 294 } 295 296 /* flushed and now remove buffering / 297* s->wbio=BIO_pop(s->wbio); 298 299 s->state=SSL2_ST_GET_CLIENT_FINISHED_A; 300 BREAK; 301 302 case SSL2_ST_GET_CLIENT_FINISHED_A: 303 case SSL2_ST_GET_CLIENT_FINISHED_B: 304 ret=get_client_finished(s); 305 if (ret <= 0) 306 goto end; 307 s->init_num=0; 308 s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_A; 309 BREAK; 310 311 case SSL2_ST_SEND_REQUEST_CERTIFICATE_A: 312 case SSL2_ST_SEND_REQUEST_CERTIFICATE_B: 313 case SSL2_ST_SEND_REQUEST_CERTIFICATE_C: 314 case SSL2_ST_SEND_REQUEST_CERTIFICATE_D: 315 /* don't do a 'request certificate' if we 316 * don't want to, or we already have one, and 317 * we only want to do it once. / 318* if (!(s->verify_mode & SSL_VERIFY_PEER) \|\| 319 ((s->session->peer != NULL) && 320 (s->verify_mode & SSL_VERIFY_CLIENT_ONCE))) 321 { 322 s->state=SSL2_ST_SEND_SERVER_FINISHED_A; 323 break; 324 } 325 else 326 { 327 ret=request_certificate(s); 328 if (ret <= 0) goto end; 329 s->init_num=0; 330 s->state=SSL2_ST_SEND_SERVER_FINISHED_A; 331 } 332 BREAK; 333 334 case SSL2_ST_SEND_SERVER_FINISHED_A: 335 case SSL2_ST_SEND_SERVER_FINISHED_B: 336 ret=server_finish(s); 337 if (ret <= 0) goto end; 338 s->init_num=0; 339 s->state=SSL_ST_OK; 340 break; 341 342 case SSL_ST_OK: 343 BUF_MEM_free(s->init_buf); 344 ssl_free_wbio_buffer(s); 345 s->init_buf=NULL; 346 s->init_num=0; 347 /* ERR_clear_error();/ 348* 349 ssl_update_cache(s,SSL_SESS_CACHE_SERVER); 350 351 s->ctx->stats.sess_accept_good++; 352 /* s->server=1; / 353* ret=1; 354 355 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1); 356 357 goto end; 358 /* BREAK; / 359* 360 default: 361 SSLerr(SSL_F_SSL2_ACCEPT,SSL_R_UNKNOWN_STATE); 362 ret= -1; 363 goto end; 364 /* BREAK; / 365* } 366 367 if ((cb != NULL) && (s->state != state)) 368 { 369 new_state=s->state; 370 s->state=state; 371 cb(s,SSL_CB_ACCEPT_LOOP,1); 372 s->state=new_state; 373 } 374 } 375end: 376 s->in_handshake--; 377 if (cb != NULL) 378 cb(s,SSL_CB_ACCEPT_EXIT,ret); 379 return(ret); 380 } 381 382static int get_client_master_key(SSL s) 383* { 384 int is_export,i,n,keya,ek; 385 unsigned long len; 386 unsigned char p; 387* SSL_CIPHER cp; 388* const EVP_CIPHER c; 389* const EVP_MD md; 390* 391 p=(unsigned char )s->init_buf->data; 392* if (s->state == SSL2_ST_GET_CLIENT_MASTER_KEY_A) 393 { 394 i=ssl2_read(s,(char )&(p[s->init_num]),10-s->init_num); 395* 396 if (i < (10-s->init_num)) 397 return(ssl2_part_read(s,SSL_F_GET_CLIENT_MASTER_KEY,i)); 398 s->init_num = 10; 399 400 if ((p++) != SSL2_MT_CLIENT_MASTER_KEY) 401* { 402 if (p[-1] != SSL2_MT_ERROR) 403 { 404 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); 405 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_READ_WRONG_PACKET_TYPE); 406 } 407 else 408 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_PEER_ERROR); 409 return(-1); 410 } 411 412 cp=ssl2_get_cipher_by_char(p); 413 if (cp == NULL) 414 { 415 ssl2_return_error(s,SSL2_PE_NO_CIPHER); 416 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_NO_CIPHER_MATCH); 417 return(-1); 418 } 419 s->session->cipher= cp; 420 421 p+=3; 422 n2s(p,i); s->s2->tmp.clear=i; 423 n2s(p,i); s->s2->tmp.enc=i; 424 n2s(p,i); s->session->key_arg_length=i; 425 if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH) 426 { 427 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); 428 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_KEY_ARG_TOO_LONG); 429 return -1; 430 } 431 s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B; 432 } 433 434 /* SSL2_ST_GET_CLIENT_MASTER_KEY_B / 435* p=(unsigned char )s->init_buf->data; 436* if (s->init_buf->length < SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) 437 { 438 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); 439 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR); 440 return -1; 441 } 442 keya=s->session->key_arg_length; 443 len = 10 + (unsigned long)s->s2->tmp.clear + (unsigned long)s->s2->tmp.enc + (unsigned long)keya; 444 if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) 445 { 446 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); 447 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_MESSAGE_TOO_LONG); 448 return -1; 449 } 450 n = (int)len - s->init_num; 451 i = ssl2_read(s,(char )&(p[s->init_num]),n); 452* if (i != n) return(ssl2_part_read(s,SSL_F_GET_CLIENT_MASTER_KEY,i)); 453 if (s->msg_callback) 454 s->msg_callback(0, s->version, 0, p, (size_t)len, s, s->msg_callback_arg); /* CLIENT-MASTER-KEY / 455* p += 10; 456 457 memcpy(s->session->key_arg,&(p[s->s2->tmp.clear+s->s2->tmp.enc]), 458 (unsigned int)keya); 459 460 if (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) 461 { 462 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); 463 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_NO_PRIVATEKEY); 464 return(-1); 465 } 466 i=ssl_rsa_private_decrypt(s->cert,s->s2->tmp.enc, 467 &(p[s->s2->tmp.clear]),&(p[s->s2->tmp.clear]), 468 (s->s2->ssl2_rollback)?RSA_SSLV23_PADDING:RSA_PKCS1_PADDING); 469 470 is_export=SSL_C_IS_EXPORT(s->session->cipher); 471 472 if (!ssl_cipher_get_evp(s->session,&c,&md,NULL)) 473 { 474 ssl2_return_error(s,SSL2_PE_NO_CIPHER); 475 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS); 476 return(0); 477 } 478 479 if (s->session->cipher->algorithm2 & SSL2_CF_8_BYTE_ENC) 480 { 481 is_export=1; 482 ek=8; 483 } 484 else 485 ek=5; 486 487 /* bad decrypt / 488#if 1 489* /* If a bad decrypt, continue with protocol but with a 490 * random master secret (Bleichenbacher attack) / 491* if ((i < 0) \|\| 492 ((!is_export && (i != EVP_CIPHER_key_length(c))) 493 \|\| (is_export && ((i != ek) \|\| (s->s2->tmp.clear+(unsigned int)i != 494 (unsigned int)EVP_CIPHER_key_length(c)))))) 495 { 496 ERR_clear_error(); 497 if (is_export) 498 i=ek; 499 else 500 i=EVP_CIPHER_key_length(c);	148 BUF_MEM buf=NULL; 149* int ret= -1; 150 long num1; 151 void (cb)(const SSL ssl,int type,int val)=NULL; 152 int new_state,state; 153 154 RAND_add(&l,sizeof(l),0); 155 ERR_clear_error(); 156 clear_sys_error(); 157 158 if (s->info_callback != NULL) 159 cb=s->info_callback; 160 else if (s->ctx->info_callback != NULL) 161 cb=s->ctx->info_callback; 162 163 /* init things to blank / 164* s->in_handshake++; 165 if (!SSL_in_init(s) \|\| SSL_in_before(s)) SSL_clear(s); 166 167 if (s->cert == NULL) 168 { 169 SSLerr(SSL_F_SSL2_ACCEPT,SSL_R_NO_CERTIFICATE_SET); 170 return(-1); 171 } 172 173 clear_sys_error(); 174 for (;;) 175 { 176 state=s->state; 177 178 switch (s->state) 179 { 180 case SSL_ST_BEFORE: 181 case SSL_ST_ACCEPT: 182 case SSL_ST_BEFORE\|SSL_ST_ACCEPT: 183 case SSL_ST_OK\|SSL_ST_ACCEPT: 184 185 s->server=1; 186 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); 187 188 s->version=SSL2_VERSION; 189 s->type=SSL_ST_ACCEPT; 190 191 buf=s->init_buf; 192 if ((buf == NULL) && ((buf=BUF_MEM_new()) == NULL)) 193 { ret= -1; goto end; } 194 if (!BUF_MEM_grow(buf,(int) 195 SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)) 196 { ret= -1; goto end; } 197 s->init_buf=buf; 198 s->init_num=0; 199 s->ctx->stats.sess_accept++; 200 s->handshake_func=ssl2_accept; 201 s->state=SSL2_ST_GET_CLIENT_HELLO_A; 202 BREAK; 203 204 case SSL2_ST_GET_CLIENT_HELLO_A: 205 case SSL2_ST_GET_CLIENT_HELLO_B: 206 case SSL2_ST_GET_CLIENT_HELLO_C: 207 s->shutdown=0; 208 ret=get_client_hello(s); 209 if (ret <= 0) goto end; 210 s->init_num=0; 211 s->state=SSL2_ST_SEND_SERVER_HELLO_A; 212 BREAK; 213 214 case SSL2_ST_SEND_SERVER_HELLO_A: 215 case SSL2_ST_SEND_SERVER_HELLO_B: 216 ret=server_hello(s); 217 if (ret <= 0) goto end; 218 s->init_num=0; 219 if (!s->hit) 220 { 221 s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_A; 222 BREAK; 223 } 224 else 225 { 226 s->state=SSL2_ST_SERVER_START_ENCRYPTION; 227 BREAK; 228 } 229 case SSL2_ST_GET_CLIENT_MASTER_KEY_A: 230 case SSL2_ST_GET_CLIENT_MASTER_KEY_B: 231 ret=get_client_master_key(s); 232 if (ret <= 0) goto end; 233 s->init_num=0; 234 s->state=SSL2_ST_SERVER_START_ENCRYPTION; 235 BREAK; 236 237 case SSL2_ST_SERVER_START_ENCRYPTION: 238 /* Ok we how have sent all the stuff needed to 239 * start encrypting, the next packet back will 240 * be encrypted. / 241* if (!ssl2_enc_init(s,0)) 242 { ret= -1; goto end; } 243 s->s2->clear_text=0; 244 s->state=SSL2_ST_SEND_SERVER_VERIFY_A; 245 BREAK; 246 247 case SSL2_ST_SEND_SERVER_VERIFY_A: 248 case SSL2_ST_SEND_SERVER_VERIFY_B: 249 ret=server_verify(s); 250 if (ret <= 0) goto end; 251 s->init_num=0; 252 if (s->hit) 253 { 254 /* If we are in here, we have been 255 * buffering the output, so we need to 256 * flush it and remove buffering from 257 * future traffic / 258* s->state=SSL2_ST_SEND_SERVER_VERIFY_C; 259 BREAK; 260 } 261 else 262 { 263 s->state=SSL2_ST_GET_CLIENT_FINISHED_A; 264 break; 265 } 266 267 case SSL2_ST_SEND_SERVER_VERIFY_C: 268 /* get the number of bytes to write / 269* num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL); 270 if (num1 != 0) 271 { 272 s->rwstate=SSL_WRITING; 273 num1=BIO_flush(s->wbio); 274 if (num1 <= 0) { ret= -1; goto end; } 275 s->rwstate=SSL_NOTHING; 276 } 277 278 /* flushed and now remove buffering / 279* s->wbio=BIO_pop(s->wbio); 280 281 s->state=SSL2_ST_GET_CLIENT_FINISHED_A; 282 BREAK; 283 284 case SSL2_ST_GET_CLIENT_FINISHED_A: 285 case SSL2_ST_GET_CLIENT_FINISHED_B: 286 ret=get_client_finished(s); 287 if (ret <= 0) 288 goto end; 289 s->init_num=0; 290 s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_A; 291 BREAK; 292 293 case SSL2_ST_SEND_REQUEST_CERTIFICATE_A: 294 case SSL2_ST_SEND_REQUEST_CERTIFICATE_B: 295 case SSL2_ST_SEND_REQUEST_CERTIFICATE_C: 296 case SSL2_ST_SEND_REQUEST_CERTIFICATE_D: 297 /* don't do a 'request certificate' if we 298 * don't want to, or we already have one, and 299 * we only want to do it once. / 300* if (!(s->verify_mode & SSL_VERIFY_PEER) \|\| 301 ((s->session->peer != NULL) && 302 (s->verify_mode & SSL_VERIFY_CLIENT_ONCE))) 303 { 304 s->state=SSL2_ST_SEND_SERVER_FINISHED_A; 305 break; 306 } 307 else 308 { 309 ret=request_certificate(s); 310 if (ret <= 0) goto end; 311 s->init_num=0; 312 s->state=SSL2_ST_SEND_SERVER_FINISHED_A; 313 } 314 BREAK; 315 316 case SSL2_ST_SEND_SERVER_FINISHED_A: 317 case SSL2_ST_SEND_SERVER_FINISHED_B: 318 ret=server_finish(s); 319 if (ret <= 0) goto end; 320 s->init_num=0; 321 s->state=SSL_ST_OK; 322 break; 323 324 case SSL_ST_OK: 325 BUF_MEM_free(s->init_buf); 326 ssl_free_wbio_buffer(s); 327 s->init_buf=NULL; 328 s->init_num=0; 329 /* ERR_clear_error();/ 330* 331 ssl_update_cache(s,SSL_SESS_CACHE_SERVER); 332 333 s->ctx->stats.sess_accept_good++; 334 /* s->server=1; / 335* ret=1; 336 337 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1); 338 339 goto end; 340 /* BREAK; / 341* 342 default: 343 SSLerr(SSL_F_SSL2_ACCEPT,SSL_R_UNKNOWN_STATE); 344 ret= -1; 345 goto end; 346 /* BREAK; / 347* } 348 349 if ((cb != NULL) && (s->state != state)) 350 { 351 new_state=s->state; 352 s->state=state; 353 cb(s,SSL_CB_ACCEPT_LOOP,1); 354 s->state=new_state; 355 } 356 } 357end: 358 s->in_handshake--; 359 if (cb != NULL) 360 cb(s,SSL_CB_ACCEPT_EXIT,ret); 361 return(ret); 362 } 363 364static int get_client_master_key(SSL s) 365* { 366 int is_export,i,n,keya,ek; 367 unsigned long len; 368 unsigned char p; 369* SSL_CIPHER cp; 370* const EVP_CIPHER c; 371* const EVP_MD md; 372* 373 p=(unsigned char )s->init_buf->data; 374* if (s->state == SSL2_ST_GET_CLIENT_MASTER_KEY_A) 375 { 376 i=ssl2_read(s,(char )&(p[s->init_num]),10-s->init_num); 377* 378 if (i < (10-s->init_num)) 379 return(ssl2_part_read(s,SSL_F_GET_CLIENT_MASTER_KEY,i)); 380 s->init_num = 10; 381 382 if ((p++) != SSL2_MT_CLIENT_MASTER_KEY) 383* { 384 if (p[-1] != SSL2_MT_ERROR) 385 { 386 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); 387 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_READ_WRONG_PACKET_TYPE); 388 } 389 else 390 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_PEER_ERROR); 391 return(-1); 392 } 393 394 cp=ssl2_get_cipher_by_char(p); 395 if (cp == NULL) 396 { 397 ssl2_return_error(s,SSL2_PE_NO_CIPHER); 398 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_NO_CIPHER_MATCH); 399 return(-1); 400 } 401 s->session->cipher= cp; 402 403 p+=3; 404 n2s(p,i); s->s2->tmp.clear=i; 405 n2s(p,i); s->s2->tmp.enc=i; 406 n2s(p,i); s->session->key_arg_length=i; 407 if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH) 408 { 409 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); 410 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_KEY_ARG_TOO_LONG); 411 return -1; 412 } 413 s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B; 414 } 415 416 /* SSL2_ST_GET_CLIENT_MASTER_KEY_B / 417* p=(unsigned char )s->init_buf->data; 418* if (s->init_buf->length < SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) 419 { 420 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); 421 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR); 422 return -1; 423 } 424 keya=s->session->key_arg_length; 425 len = 10 + (unsigned long)s->s2->tmp.clear + (unsigned long)s->s2->tmp.enc + (unsigned long)keya; 426 if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) 427 { 428 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); 429 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_MESSAGE_TOO_LONG); 430 return -1; 431 } 432 n = (int)len - s->init_num; 433 i = ssl2_read(s,(char )&(p[s->init_num]),n); 434* if (i != n) return(ssl2_part_read(s,SSL_F_GET_CLIENT_MASTER_KEY,i)); 435 if (s->msg_callback) 436 s->msg_callback(0, s->version, 0, p, (size_t)len, s, s->msg_callback_arg); /* CLIENT-MASTER-KEY / 437* p += 10; 438 439 memcpy(s->session->key_arg,&(p[s->s2->tmp.clear+s->s2->tmp.enc]), 440 (unsigned int)keya); 441 442 if (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) 443 { 444 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); 445 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_NO_PRIVATEKEY); 446 return(-1); 447 } 448 i=ssl_rsa_private_decrypt(s->cert,s->s2->tmp.enc, 449 &(p[s->s2->tmp.clear]),&(p[s->s2->tmp.clear]), 450 (s->s2->ssl2_rollback)?RSA_SSLV23_PADDING:RSA_PKCS1_PADDING); 451 452 is_export=SSL_C_IS_EXPORT(s->session->cipher); 453 454 if (!ssl_cipher_get_evp(s->session,&c,&md,NULL)) 455 { 456 ssl2_return_error(s,SSL2_PE_NO_CIPHER); 457 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS); 458 return(0); 459 } 460 461 if (s->session->cipher->algorithm2 & SSL2_CF_8_BYTE_ENC) 462 { 463 is_export=1; 464 ek=8; 465 } 466 else 467 ek=5; 468 469 /* bad decrypt / 470#if 1 471* /* If a bad decrypt, continue with protocol but with a 472 * random master secret (Bleichenbacher attack) / 473* if ((i < 0) \|\| 474 ((!is_export && (i != EVP_CIPHER_key_length(c))) 475 \|\| (is_export && ((i != ek) \|\| (s->s2->tmp.clear+(unsigned int)i != 476 (unsigned int)EVP_CIPHER_key_length(c)))))) 477 { 478 ERR_clear_error(); 479 if (is_export) 480 i=ek; 481 else 482 i=EVP_CIPHER_key_length(c);
501 if(RAND_pseudo_bytes(p,i) <= 0) 502 return 0;	483 if (RAND_pseudo_bytes(p,i) <= 0) 484 return 0;
503 } 504#else 505 if (i < 0) 506 { 507 error=1; 508 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_BAD_RSA_DECRYPT); 509 } 510 /* incorrect number of key bytes for non export cipher / 511* else if ((!is_export && (i != EVP_CIPHER_key_length(c))) 512 \|\| (is_export && ((i != ek) \|\| (s->s2->tmp.clear+i != 513 EVP_CIPHER_key_length(c))))) 514 { 515 error=1; 516 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_WRONG_NUMBER_OF_KEY_BITS); 517 } 518 if (error) 519 { 520 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); 521 return(-1); 522 } 523#endif 524 525 if (is_export) i+=s->s2->tmp.clear; 526 527 if (i > SSL_MAX_MASTER_KEY_LENGTH) 528 { 529 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); 530 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR); 531 return -1; 532 } 533 s->session->master_key_length=i; 534 memcpy(s->session->master_key,p,(unsigned int)i); 535 return(1); 536 } 537 538static int get_client_hello(SSL s) 539* { 540 int i,n; 541 unsigned long len; 542 unsigned char p; 543* STACK_OF(SSL_CIPHER) cs; / a stack of SSL_CIPHERS / 544* STACK_OF(SSL_CIPHER) cl; / the ones we want to use / 545* STACK_OF(SSL_CIPHER) prio, allow; 546 int z; 547 548 /* This is a bit of a hack to check for the correct packet 549 * type the first time round. / 550* if (s->state == SSL2_ST_GET_CLIENT_HELLO_A) 551 { 552 s->first_packet=1; 553 s->state=SSL2_ST_GET_CLIENT_HELLO_B; 554 } 555 556 p=(unsigned char )s->init_buf->data; 557* if (s->state == SSL2_ST_GET_CLIENT_HELLO_B) 558 { 559 i=ssl2_read(s,(char )&(p[s->init_num]),9-s->init_num); 560* if (i < (9-s->init_num)) 561 return(ssl2_part_read(s,SSL_F_GET_CLIENT_HELLO,i)); 562 s->init_num = 9; 563 564 if ((p++) != SSL2_MT_CLIENT_HELLO) 565* { 566 if (p[-1] != SSL2_MT_ERROR) 567 { 568 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); 569 SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_READ_WRONG_PACKET_TYPE); 570 } 571 else 572 SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_PEER_ERROR); 573 return(-1); 574 } 575 n2s(p,i); 576 if (i < s->version) s->version=i; 577 n2s(p,i); s->s2->tmp.cipher_spec_length=i; 578 n2s(p,i); s->s2->tmp.session_id_length=i; 579 n2s(p,i); s->s2->challenge_length=i; 580 if ( (i < SSL2_MIN_CHALLENGE_LENGTH) \|\| 581 (i > SSL2_MAX_CHALLENGE_LENGTH)) 582 { 583 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); 584 SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_INVALID_CHALLENGE_LENGTH); 585 return(-1); 586 } 587 s->state=SSL2_ST_GET_CLIENT_HELLO_C; 588 } 589 590 /* SSL2_ST_GET_CLIENT_HELLO_C / 591* p=(unsigned char )s->init_buf->data; 592* len = 9 + (unsigned long)s->s2->tmp.cipher_spec_length + (unsigned long)s->s2->challenge_length + (unsigned long)s->s2->tmp.session_id_length; 593 if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) 594 { 595 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); 596 SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_MESSAGE_TOO_LONG); 597 return -1; 598 } 599 n = (int)len - s->init_num; 600 i = ssl2_read(s,(char )&(p[s->init_num]),n); 601* if (i != n) return(ssl2_part_read(s,SSL_F_GET_CLIENT_HELLO,i)); 602 if (s->msg_callback) 603 s->msg_callback(0, s->version, 0, p, (size_t)len, s, s->msg_callback_arg); /* CLIENT-HELLO / 604* p += 9; 605 606 /* get session-id before cipher stuff so we can get out session 607 * structure if it is cached / 608* /* session-id / 609* if ((s->s2->tmp.session_id_length != 0) && 610 (s->s2->tmp.session_id_length != SSL2_SSL_SESSION_ID_LENGTH)) 611 { 612 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); 613 SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_BAD_SSL_SESSION_ID_LENGTH); 614 return(-1); 615 } 616 617 if (s->s2->tmp.session_id_length == 0) 618 { 619 if (!ssl_get_new_session(s,1)) 620 { 621 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); 622 return(-1); 623 } 624 } 625 else 626 { 627 i=ssl_get_prev_session(s,&(p[s->s2->tmp.cipher_spec_length]), 628 s->s2->tmp.session_id_length); 629 if (i == 1) 630 { /* previous session / 631* s->hit=1; 632 } 633 else if (i == -1) 634 { 635 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); 636 return(-1); 637 } 638 else 639 { 640 if (s->cert == NULL) 641 { 642 ssl2_return_error(s,SSL2_PE_NO_CERTIFICATE); 643 SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_NO_CERTIFICATE_SET); 644 return(-1); 645 } 646 647 if (!ssl_get_new_session(s,1)) 648 { 649 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); 650 return(-1); 651 } 652 } 653 } 654 655 if (!s->hit) 656 { 657 cs=ssl_bytes_to_cipher_list(s,p,s->s2->tmp.cipher_spec_length, 658 &s->session->ciphers); 659 if (cs == NULL) goto mem_err; 660 661 cl=SSL_get_ciphers(s); 662 663 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) 664 { 665 prio=sk_SSL_CIPHER_dup(cl); 666 if (prio == NULL) goto mem_err; 667 allow = cs; 668 } 669 else 670 { 671 prio = cs; 672 allow = cl; 673 } 674 for (z=0; z<sk_SSL_CIPHER_num(prio); z++) 675 { 676 if (sk_SSL_CIPHER_find(allow,sk_SSL_CIPHER_value(prio,z)) < 0) 677 { 678 sk_SSL_CIPHER_delete(prio,z); 679 z--; 680 } 681 } 682 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) 683 { 684 sk_SSL_CIPHER_free(s->session->ciphers); 685 s->session->ciphers = prio; 686 } 687 /* s->session->ciphers should now have a list of 688 * ciphers that are on both the client and server. 689 * This list is ordered by the order the client sent 690 * the ciphers or in the order of the server's preference 691 * if SSL_OP_CIPHER_SERVER_PREFERENCE was set. 692 / 693* } 694 p+=s->s2->tmp.cipher_spec_length; 695 /* done cipher selection / 696* 697 /* session id extracted already / 698* p+=s->s2->tmp.session_id_length; 699 700 /* challenge / 701* if (s->s2->challenge_length > sizeof s->s2->challenge) 702 { 703 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); 704 SSLerr(SSL_F_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); 705 return -1; 706 } 707 memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length); 708 return(1); 709mem_err: 710 SSLerr(SSL_F_GET_CLIENT_HELLO,ERR_R_MALLOC_FAILURE); 711 return(0); 712 } 713 714static int server_hello(SSL s) 715* { 716 unsigned char p,d; 717 int n,hit; 718 STACK_OF(SSL_CIPHER) sk; 719* 720 p=(unsigned char )s->init_buf->data; 721* if (s->state == SSL2_ST_SEND_SERVER_HELLO_A) 722 { 723 d=p+11; 724 (p++)=SSL2_MT_SERVER_HELLO; / type / 725* hit=s->hit; 726 (p++)=(unsigned char)hit; 727#if 1 728* if (!hit) 729 { 730 if (s->session->sess_cert != NULL) 731 /* This can't really happen because get_client_hello 732 * has called ssl_get_new_session, which does not set 733 * sess_cert. / 734* ssl_sess_cert_free(s->session->sess_cert); 735 s->session->sess_cert = ssl_sess_cert_new(); 736 if (s->session->sess_cert == NULL) 737 { 738 SSLerr(SSL_F_SERVER_HELLO, ERR_R_MALLOC_FAILURE); 739 return(-1); 740 } 741 } 742 /* If 'hit' is set, then s->sess_cert may be non-NULL or NULL, 743 * depending on whether it survived in the internal cache 744 * or was retrieved from an external cache. 745 * If it is NULL, we cannot put any useful data in it anyway, 746 * so we don't touch it. 747 / 748* 749#else /* That's what used to be done when cert_st and sess_cert_st were 750 * the same. / 751* if (!hit) 752 { /* else add cert to session / 753* CRYPTO_add(&s->cert->references,1,CRYPTO_LOCK_SSL_CERT); 754 if (s->session->sess_cert != NULL) 755 ssl_cert_free(s->session->sess_cert); 756 s->session->sess_cert=s->cert; 757 } 758 else /* We have a session id-cache hit, if the 759 * session-id has no certificate listed against 760 * the 'cert' structure, grab the 'old' one 761 * listed against the SSL connection / 762* { 763 if (s->session->sess_cert == NULL) 764 { 765 CRYPTO_add(&s->cert->references,1, 766 CRYPTO_LOCK_SSL_CERT); 767 s->session->sess_cert=s->cert; 768 } 769 } 770#endif 771 772 if (s->cert == NULL) 773 { 774 ssl2_return_error(s,SSL2_PE_NO_CERTIFICATE); 775 SSLerr(SSL_F_SERVER_HELLO,SSL_R_NO_CERTIFICATE_SPECIFIED); 776 return(-1); 777 } 778 779 if (hit) 780 { 781 (p++)=0; / no certificate type / 782* s2n(s->version,p); /* version / 783* s2n(0,p); /* cert len / 784* s2n(0,p); /* ciphers len / 785* } 786 else 787 { 788 /* EAY EAY / 789* /* put certificate type / 790* (p++)=SSL2_CT_X509_CERTIFICATE; 791* s2n(s->version,p); /* version / 792* n=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,NULL); 793 s2n(n,p); /* certificate length / 794* i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,&d); 795 n=0; 796 797 /* lets send out the ciphers we like in the 798 * prefered order / 799* sk= s->session->ciphers;	485 } 486#else 487 if (i < 0) 488 { 489 error=1; 490 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_BAD_RSA_DECRYPT); 491 } 492 /* incorrect number of key bytes for non export cipher / 493* else if ((!is_export && (i != EVP_CIPHER_key_length(c))) 494 \|\| (is_export && ((i != ek) \|\| (s->s2->tmp.clear+i != 495 EVP_CIPHER_key_length(c))))) 496 { 497 error=1; 498 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_WRONG_NUMBER_OF_KEY_BITS); 499 } 500 if (error) 501 { 502 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); 503 return(-1); 504 } 505#endif 506 507 if (is_export) i+=s->s2->tmp.clear; 508 509 if (i > SSL_MAX_MASTER_KEY_LENGTH) 510 { 511 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); 512 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR); 513 return -1; 514 } 515 s->session->master_key_length=i; 516 memcpy(s->session->master_key,p,(unsigned int)i); 517 return(1); 518 } 519 520static int get_client_hello(SSL s) 521* { 522 int i,n; 523 unsigned long len; 524 unsigned char p; 525* STACK_OF(SSL_CIPHER) cs; / a stack of SSL_CIPHERS / 526* STACK_OF(SSL_CIPHER) cl; / the ones we want to use / 527* STACK_OF(SSL_CIPHER) prio, allow; 528 int z; 529 530 /* This is a bit of a hack to check for the correct packet 531 * type the first time round. / 532* if (s->state == SSL2_ST_GET_CLIENT_HELLO_A) 533 { 534 s->first_packet=1; 535 s->state=SSL2_ST_GET_CLIENT_HELLO_B; 536 } 537 538 p=(unsigned char )s->init_buf->data; 539* if (s->state == SSL2_ST_GET_CLIENT_HELLO_B) 540 { 541 i=ssl2_read(s,(char )&(p[s->init_num]),9-s->init_num); 542* if (i < (9-s->init_num)) 543 return(ssl2_part_read(s,SSL_F_GET_CLIENT_HELLO,i)); 544 s->init_num = 9; 545 546 if ((p++) != SSL2_MT_CLIENT_HELLO) 547* { 548 if (p[-1] != SSL2_MT_ERROR) 549 { 550 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); 551 SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_READ_WRONG_PACKET_TYPE); 552 } 553 else 554 SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_PEER_ERROR); 555 return(-1); 556 } 557 n2s(p,i); 558 if (i < s->version) s->version=i; 559 n2s(p,i); s->s2->tmp.cipher_spec_length=i; 560 n2s(p,i); s->s2->tmp.session_id_length=i; 561 n2s(p,i); s->s2->challenge_length=i; 562 if ( (i < SSL2_MIN_CHALLENGE_LENGTH) \|\| 563 (i > SSL2_MAX_CHALLENGE_LENGTH)) 564 { 565 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); 566 SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_INVALID_CHALLENGE_LENGTH); 567 return(-1); 568 } 569 s->state=SSL2_ST_GET_CLIENT_HELLO_C; 570 } 571 572 /* SSL2_ST_GET_CLIENT_HELLO_C / 573* p=(unsigned char )s->init_buf->data; 574* len = 9 + (unsigned long)s->s2->tmp.cipher_spec_length + (unsigned long)s->s2->challenge_length + (unsigned long)s->s2->tmp.session_id_length; 575 if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) 576 { 577 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); 578 SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_MESSAGE_TOO_LONG); 579 return -1; 580 } 581 n = (int)len - s->init_num; 582 i = ssl2_read(s,(char )&(p[s->init_num]),n); 583* if (i != n) return(ssl2_part_read(s,SSL_F_GET_CLIENT_HELLO,i)); 584 if (s->msg_callback) 585 s->msg_callback(0, s->version, 0, p, (size_t)len, s, s->msg_callback_arg); /* CLIENT-HELLO / 586* p += 9; 587 588 /* get session-id before cipher stuff so we can get out session 589 * structure if it is cached / 590* /* session-id / 591* if ((s->s2->tmp.session_id_length != 0) && 592 (s->s2->tmp.session_id_length != SSL2_SSL_SESSION_ID_LENGTH)) 593 { 594 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); 595 SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_BAD_SSL_SESSION_ID_LENGTH); 596 return(-1); 597 } 598 599 if (s->s2->tmp.session_id_length == 0) 600 { 601 if (!ssl_get_new_session(s,1)) 602 { 603 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); 604 return(-1); 605 } 606 } 607 else 608 { 609 i=ssl_get_prev_session(s,&(p[s->s2->tmp.cipher_spec_length]), 610 s->s2->tmp.session_id_length); 611 if (i == 1) 612 { /* previous session / 613* s->hit=1; 614 } 615 else if (i == -1) 616 { 617 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); 618 return(-1); 619 } 620 else 621 { 622 if (s->cert == NULL) 623 { 624 ssl2_return_error(s,SSL2_PE_NO_CERTIFICATE); 625 SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_NO_CERTIFICATE_SET); 626 return(-1); 627 } 628 629 if (!ssl_get_new_session(s,1)) 630 { 631 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); 632 return(-1); 633 } 634 } 635 } 636 637 if (!s->hit) 638 { 639 cs=ssl_bytes_to_cipher_list(s,p,s->s2->tmp.cipher_spec_length, 640 &s->session->ciphers); 641 if (cs == NULL) goto mem_err; 642 643 cl=SSL_get_ciphers(s); 644 645 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) 646 { 647 prio=sk_SSL_CIPHER_dup(cl); 648 if (prio == NULL) goto mem_err; 649 allow = cs; 650 } 651 else 652 { 653 prio = cs; 654 allow = cl; 655 } 656 for (z=0; z<sk_SSL_CIPHER_num(prio); z++) 657 { 658 if (sk_SSL_CIPHER_find(allow,sk_SSL_CIPHER_value(prio,z)) < 0) 659 { 660 sk_SSL_CIPHER_delete(prio,z); 661 z--; 662 } 663 } 664 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) 665 { 666 sk_SSL_CIPHER_free(s->session->ciphers); 667 s->session->ciphers = prio; 668 } 669 /* s->session->ciphers should now have a list of 670 * ciphers that are on both the client and server. 671 * This list is ordered by the order the client sent 672 * the ciphers or in the order of the server's preference 673 * if SSL_OP_CIPHER_SERVER_PREFERENCE was set. 674 / 675* } 676 p+=s->s2->tmp.cipher_spec_length; 677 /* done cipher selection / 678* 679 /* session id extracted already / 680* p+=s->s2->tmp.session_id_length; 681 682 /* challenge / 683* if (s->s2->challenge_length > sizeof s->s2->challenge) 684 { 685 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); 686 SSLerr(SSL_F_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); 687 return -1; 688 } 689 memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length); 690 return(1); 691mem_err: 692 SSLerr(SSL_F_GET_CLIENT_HELLO,ERR_R_MALLOC_FAILURE); 693 return(0); 694 } 695 696static int server_hello(SSL s) 697* { 698 unsigned char p,d; 699 int n,hit; 700 STACK_OF(SSL_CIPHER) sk; 701* 702 p=(unsigned char )s->init_buf->data; 703* if (s->state == SSL2_ST_SEND_SERVER_HELLO_A) 704 { 705 d=p+11; 706 (p++)=SSL2_MT_SERVER_HELLO; / type / 707* hit=s->hit; 708 (p++)=(unsigned char)hit; 709#if 1 710* if (!hit) 711 { 712 if (s->session->sess_cert != NULL) 713 /* This can't really happen because get_client_hello 714 * has called ssl_get_new_session, which does not set 715 * sess_cert. / 716* ssl_sess_cert_free(s->session->sess_cert); 717 s->session->sess_cert = ssl_sess_cert_new(); 718 if (s->session->sess_cert == NULL) 719 { 720 SSLerr(SSL_F_SERVER_HELLO, ERR_R_MALLOC_FAILURE); 721 return(-1); 722 } 723 } 724 /* If 'hit' is set, then s->sess_cert may be non-NULL or NULL, 725 * depending on whether it survived in the internal cache 726 * or was retrieved from an external cache. 727 * If it is NULL, we cannot put any useful data in it anyway, 728 * so we don't touch it. 729 / 730* 731#else /* That's what used to be done when cert_st and sess_cert_st were 732 * the same. / 733* if (!hit) 734 { /* else add cert to session / 735* CRYPTO_add(&s->cert->references,1,CRYPTO_LOCK_SSL_CERT); 736 if (s->session->sess_cert != NULL) 737 ssl_cert_free(s->session->sess_cert); 738 s->session->sess_cert=s->cert; 739 } 740 else /* We have a session id-cache hit, if the 741 * session-id has no certificate listed against 742 * the 'cert' structure, grab the 'old' one 743 * listed against the SSL connection / 744* { 745 if (s->session->sess_cert == NULL) 746 { 747 CRYPTO_add(&s->cert->references,1, 748 CRYPTO_LOCK_SSL_CERT); 749 s->session->sess_cert=s->cert; 750 } 751 } 752#endif 753 754 if (s->cert == NULL) 755 { 756 ssl2_return_error(s,SSL2_PE_NO_CERTIFICATE); 757 SSLerr(SSL_F_SERVER_HELLO,SSL_R_NO_CERTIFICATE_SPECIFIED); 758 return(-1); 759 } 760 761 if (hit) 762 { 763 (p++)=0; / no certificate type / 764* s2n(s->version,p); /* version / 765* s2n(0,p); /* cert len / 766* s2n(0,p); /* ciphers len / 767* } 768 else 769 { 770 /* EAY EAY / 771* /* put certificate type / 772* (p++)=SSL2_CT_X509_CERTIFICATE; 773* s2n(s->version,p); /* version / 774* n=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,NULL); 775 s2n(n,p); /* certificate length / 776* i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,&d); 777 n=0; 778 779 /* lets send out the ciphers we like in the 780 * prefered order / 781* sk= s->session->ciphers;
800 n=ssl_cipher_list_to_bytes(s,s->session->ciphers,d);	782 n=ssl_cipher_list_to_bytes(s,s->session->ciphers,d,0);
801 d+=n; 802 s2n(n,p); /* add cipher length / 803* } 804 805 /* make and send conn_id / 806* s2n(SSL2_CONNECTION_ID_LENGTH,p); /* add conn_id length / 807* s->s2->conn_id_length=SSL2_CONNECTION_ID_LENGTH;	783 d+=n; 784 s2n(n,p); /* add cipher length / 785* } 786 787 /* make and send conn_id / 788* s2n(SSL2_CONNECTION_ID_LENGTH,p); /* add conn_id length / 789* s->s2->conn_id_length=SSL2_CONNECTION_ID_LENGTH;
808 if(RAND_pseudo_bytes(s->s2->conn_id,(int)s->s2->conn_id_length) <= 0) 809 return -1;	790 if (RAND_pseudo_bytes(s->s2->conn_id,(int)s->s2->conn_id_length) <= 0) 791 return -1;
810 memcpy(d,s->s2->conn_id,SSL2_CONNECTION_ID_LENGTH); 811 d+=SSL2_CONNECTION_ID_LENGTH; 812 813 s->state=SSL2_ST_SEND_SERVER_HELLO_B; 814 s->init_num=d-(unsigned char )s->init_buf->data; 815* s->init_off=0; 816 } 817 /* SSL2_ST_SEND_SERVER_HELLO_B / 818* /* If we are using TCP/IP, the performance is bad if we do 2 819 * writes without a read between them. This occurs when 820 * Session-id reuse is used, so I will put in a buffering module 821 / 822* if (s->hit) 823 { 824 if (!ssl_init_wbio_buffer(s,1)) return(-1); 825 } 826 827 return(ssl2_do_write(s)); 828 } 829 830static int get_client_finished(SSL s) 831* { 832 unsigned char p; 833* int i, n; 834 unsigned long len; 835 836 p=(unsigned char )s->init_buf->data; 837* if (s->state == SSL2_ST_GET_CLIENT_FINISHED_A) 838 { 839 i=ssl2_read(s,(char )&(p[s->init_num]),1-s->init_num); 840* if (i < 1-s->init_num) 841 return(ssl2_part_read(s,SSL_F_GET_CLIENT_FINISHED,i)); 842 s->init_num += i; 843 844 if (p != SSL2_MT_CLIENT_FINISHED) 845* { 846 if (p != SSL2_MT_ERROR) 847* { 848 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); 849 SSLerr(SSL_F_GET_CLIENT_FINISHED,SSL_R_READ_WRONG_PACKET_TYPE); 850 } 851 else 852 { 853 SSLerr(SSL_F_GET_CLIENT_FINISHED,SSL_R_PEER_ERROR); 854 /* try to read the error message / 855* i=ssl2_read(s,(char )&(p[s->init_num]),3-s->init_num); 856* return ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i); 857 } 858 return(-1); 859 } 860 s->state=SSL2_ST_GET_CLIENT_FINISHED_B; 861 } 862 863 /* SSL2_ST_GET_CLIENT_FINISHED_B / 864* if (s->s2->conn_id_length > sizeof s->s2->conn_id) 865 { 866 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); 867 SSLerr(SSL_F_GET_CLIENT_FINISHED, ERR_R_INTERNAL_ERROR); 868 return -1; 869 } 870 len = 1 + (unsigned long)s->s2->conn_id_length; 871 n = (int)len - s->init_num; 872 i = ssl2_read(s,(char )&(p[s->init_num]),n); 873* if (i < n) 874 { 875 return(ssl2_part_read(s,SSL_F_GET_CLIENT_FINISHED,i)); 876 } 877 if (s->msg_callback) 878 s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* CLIENT-FINISHED / 879* p += 1; 880 if (memcmp(p,s->s2->conn_id,s->s2->conn_id_length) != 0) 881 { 882 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); 883 SSLerr(SSL_F_GET_CLIENT_FINISHED,SSL_R_CONNECTION_ID_IS_DIFFERENT); 884 return(-1); 885 } 886 return(1); 887 } 888 889static int server_verify(SSL s) 890* { 891 unsigned char p; 892* 893 if (s->state == SSL2_ST_SEND_SERVER_VERIFY_A) 894 { 895 p=(unsigned char )s->init_buf->data; 896* (p++)=SSL2_MT_SERVER_VERIFY; 897* if (s->s2->challenge_length > sizeof s->s2->challenge) 898 { 899 SSLerr(SSL_F_SERVER_VERIFY, ERR_R_INTERNAL_ERROR); 900 return -1; 901 } 902 memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length); 903 /* p+=s->s2->challenge_length; / 904* 905 s->state=SSL2_ST_SEND_SERVER_VERIFY_B; 906 s->init_num=s->s2->challenge_length+1; 907 s->init_off=0; 908 } 909 return(ssl2_do_write(s)); 910 } 911 912static int server_finish(SSL s) 913* { 914 unsigned char p; 915* 916 if (s->state == SSL2_ST_SEND_SERVER_FINISHED_A) 917 { 918 p=(unsigned char )s->init_buf->data; 919* (p++)=SSL2_MT_SERVER_FINISHED; 920* 921 if (s->session->session_id_length > sizeof s->session->session_id) 922 { 923 SSLerr(SSL_F_SERVER_FINISH, ERR_R_INTERNAL_ERROR); 924 return -1; 925 } 926 memcpy(p,s->session->session_id, (unsigned int)s->session->session_id_length); 927 /* p+=s->session->session_id_length; / 928* 929 s->state=SSL2_ST_SEND_SERVER_FINISHED_B; 930 s->init_num=s->session->session_id_length+1; 931 s->init_off=0; 932 } 933 934 /* SSL2_ST_SEND_SERVER_FINISHED_B / 935* return(ssl2_do_write(s)); 936 } 937 938/* send the request and check the response / 939static int request_certificate(SSL s) 940 {	792 memcpy(d,s->s2->conn_id,SSL2_CONNECTION_ID_LENGTH); 793 d+=SSL2_CONNECTION_ID_LENGTH; 794 795 s->state=SSL2_ST_SEND_SERVER_HELLO_B; 796 s->init_num=d-(unsigned char )s->init_buf->data; 797* s->init_off=0; 798 } 799 /* SSL2_ST_SEND_SERVER_HELLO_B / 800* /* If we are using TCP/IP, the performance is bad if we do 2 801 * writes without a read between them. This occurs when 802 * Session-id reuse is used, so I will put in a buffering module 803 / 804* if (s->hit) 805 { 806 if (!ssl_init_wbio_buffer(s,1)) return(-1); 807 } 808 809 return(ssl2_do_write(s)); 810 } 811 812static int get_client_finished(SSL s) 813* { 814 unsigned char p; 815* int i, n; 816 unsigned long len; 817 818 p=(unsigned char )s->init_buf->data; 819* if (s->state == SSL2_ST_GET_CLIENT_FINISHED_A) 820 { 821 i=ssl2_read(s,(char )&(p[s->init_num]),1-s->init_num); 822* if (i < 1-s->init_num) 823 return(ssl2_part_read(s,SSL_F_GET_CLIENT_FINISHED,i)); 824 s->init_num += i; 825 826 if (p != SSL2_MT_CLIENT_FINISHED) 827* { 828 if (p != SSL2_MT_ERROR) 829* { 830 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); 831 SSLerr(SSL_F_GET_CLIENT_FINISHED,SSL_R_READ_WRONG_PACKET_TYPE); 832 } 833 else 834 { 835 SSLerr(SSL_F_GET_CLIENT_FINISHED,SSL_R_PEER_ERROR); 836 /* try to read the error message / 837* i=ssl2_read(s,(char )&(p[s->init_num]),3-s->init_num); 838* return ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i); 839 } 840 return(-1); 841 } 842 s->state=SSL2_ST_GET_CLIENT_FINISHED_B; 843 } 844 845 /* SSL2_ST_GET_CLIENT_FINISHED_B / 846* if (s->s2->conn_id_length > sizeof s->s2->conn_id) 847 { 848 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); 849 SSLerr(SSL_F_GET_CLIENT_FINISHED, ERR_R_INTERNAL_ERROR); 850 return -1; 851 } 852 len = 1 + (unsigned long)s->s2->conn_id_length; 853 n = (int)len - s->init_num; 854 i = ssl2_read(s,(char )&(p[s->init_num]),n); 855* if (i < n) 856 { 857 return(ssl2_part_read(s,SSL_F_GET_CLIENT_FINISHED,i)); 858 } 859 if (s->msg_callback) 860 s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* CLIENT-FINISHED / 861* p += 1; 862 if (memcmp(p,s->s2->conn_id,s->s2->conn_id_length) != 0) 863 { 864 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); 865 SSLerr(SSL_F_GET_CLIENT_FINISHED,SSL_R_CONNECTION_ID_IS_DIFFERENT); 866 return(-1); 867 } 868 return(1); 869 } 870 871static int server_verify(SSL s) 872* { 873 unsigned char p; 874* 875 if (s->state == SSL2_ST_SEND_SERVER_VERIFY_A) 876 { 877 p=(unsigned char )s->init_buf->data; 878* (p++)=SSL2_MT_SERVER_VERIFY; 879* if (s->s2->challenge_length > sizeof s->s2->challenge) 880 { 881 SSLerr(SSL_F_SERVER_VERIFY, ERR_R_INTERNAL_ERROR); 882 return -1; 883 } 884 memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length); 885 /* p+=s->s2->challenge_length; / 886* 887 s->state=SSL2_ST_SEND_SERVER_VERIFY_B; 888 s->init_num=s->s2->challenge_length+1; 889 s->init_off=0; 890 } 891 return(ssl2_do_write(s)); 892 } 893 894static int server_finish(SSL s) 895* { 896 unsigned char p; 897* 898 if (s->state == SSL2_ST_SEND_SERVER_FINISHED_A) 899 { 900 p=(unsigned char )s->init_buf->data; 901* (p++)=SSL2_MT_SERVER_FINISHED; 902* 903 if (s->session->session_id_length > sizeof s->session->session_id) 904 { 905 SSLerr(SSL_F_SERVER_FINISH, ERR_R_INTERNAL_ERROR); 906 return -1; 907 } 908 memcpy(p,s->session->session_id, (unsigned int)s->session->session_id_length); 909 /* p+=s->session->session_id_length; / 910* 911 s->state=SSL2_ST_SEND_SERVER_FINISHED_B; 912 s->init_num=s->session->session_id_length+1; 913 s->init_off=0; 914 } 915 916 /* SSL2_ST_SEND_SERVER_FINISHED_B / 917* return(ssl2_do_write(s)); 918 } 919 920/* send the request and check the response / 921static int request_certificate(SSL s) 922 {
	923 const unsigned char *cp;
941 unsigned char p,p2,buf2; 942* unsigned char ccd; 943* int i,j,ctype,ret= -1; 944 unsigned long len; 945 X509 x509=NULL; 946* STACK_OF(X509) sk=NULL; 947* 948 ccd=s->s2->tmp.ccl; 949 if (s->state == SSL2_ST_SEND_REQUEST_CERTIFICATE_A) 950 { 951 p=(unsigned char )s->init_buf->data; 952* (p++)=SSL2_MT_REQUEST_CERTIFICATE; 953* *(p++)=SSL2_AT_MD5_WITH_RSA_ENCRYPTION;	924 unsigned char p,p2,buf2; 925* unsigned char ccd; 926* int i,j,ctype,ret= -1; 927 unsigned long len; 928 X509 x509=NULL; 929* STACK_OF(X509) sk=NULL; 930* 931 ccd=s->s2->tmp.ccl; 932 if (s->state == SSL2_ST_SEND_REQUEST_CERTIFICATE_A) 933 { 934 p=(unsigned char )s->init_buf->data; 935* (p++)=SSL2_MT_REQUEST_CERTIFICATE; 936* *(p++)=SSL2_AT_MD5_WITH_RSA_ENCRYPTION;
954 if(RAND_pseudo_bytes(ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH) <= 0)	937 if (RAND_pseudo_bytes(ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH) <= 0)
955 return -1; 956 memcpy(p,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH); 957 958 s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_B; 959 s->init_num=SSL2_MIN_CERT_CHALLENGE_LENGTH+2; 960 s->init_off=0; 961 } 962 963 if (s->state == SSL2_ST_SEND_REQUEST_CERTIFICATE_B) 964 { 965 i=ssl2_do_write(s); 966 if (i <= 0) 967 { 968 ret=i; 969 goto end; 970 } 971 972 s->init_num=0; 973 s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_C; 974 } 975 976 if (s->state == SSL2_ST_SEND_REQUEST_CERTIFICATE_C) 977 { 978 p=(unsigned char )s->init_buf->data; 979* i=ssl2_read(s,(char )&(p[s->init_num]),6-s->init_num); / try to read 6 octets ... / 980* if (i < 3-s->init_num) /* ... but don't call ssl2_part_read now if we got at least 3 981 * (probably NO-CERTIFICATE-ERROR) / 982* { 983 ret=ssl2_part_read(s,SSL_F_REQUEST_CERTIFICATE,i); 984 goto end; 985 } 986 s->init_num += i; 987 988 if ((s->init_num >= 3) && (p[0] == SSL2_MT_ERROR)) 989 { 990 n2s(p,i); 991 if (i != SSL2_PE_NO_CERTIFICATE) 992 { 993 /* not the error message we expected -- let ssl2_part_read handle it / 994* s->init_num -= 3; 995 ret = ssl2_part_read(s,SSL_F_REQUEST_CERTIFICATE, 3); 996 goto end; 997 } 998 999 if (s->msg_callback) 1000 s->msg_callback(0, s->version, 0, p, 3, s, s->msg_callback_arg); /* ERROR / 1001* 1002 /* this is the one place where we can recover from an SSL 2.0 error / 1003* 1004 if (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) 1005 { 1006 ssl2_return_error(s,SSL2_PE_BAD_CERTIFICATE); 1007 SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE); 1008 goto end; 1009 } 1010 ret=1; 1011 goto end; 1012 } 1013 if (((p++) != SSL2_MT_CLIENT_CERTIFICATE) \|\| (s->init_num < 6)) 1014* { 1015 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); 1016 SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_SHORT_READ); 1017 goto end; 1018 } 1019 if (s->init_num != 6) 1020 { 1021 SSLerr(SSL_F_REQUEST_CERTIFICATE, ERR_R_INTERNAL_ERROR); 1022 goto end; 1023 } 1024 1025 /* ok we have a response / 1026* /* certificate type, there is only one right now. / 1027* ctype= (p++); 1028* if (ctype != SSL2_AT_MD5_WITH_RSA_ENCRYPTION) 1029 { 1030 ssl2_return_error(s,SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE); 1031 SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_BAD_RESPONSE_ARGUMENT); 1032 goto end; 1033 } 1034 n2s(p,i); s->s2->tmp.clen=i; 1035 n2s(p,i); s->s2->tmp.rlen=i; 1036 s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_D; 1037 } 1038 1039 /* SSL2_ST_SEND_REQUEST_CERTIFICATE_D / 1040* p=(unsigned char )s->init_buf->data; 1041* len = 6 + (unsigned long)s->s2->tmp.clen + (unsigned long)s->s2->tmp.rlen; 1042 if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) 1043 { 1044 SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_MESSAGE_TOO_LONG); 1045 goto end; 1046 } 1047 j = (int)len - s->init_num; 1048 i = ssl2_read(s,(char )&(p[s->init_num]),j); 1049* if (i < j) 1050 { 1051 ret=ssl2_part_read(s,SSL_F_REQUEST_CERTIFICATE,i); 1052 goto end; 1053 } 1054 if (s->msg_callback) 1055 s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* CLIENT-CERTIFICATE / 1056* p += 6; 1057	938 return -1; 939 memcpy(p,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH); 940 941 s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_B; 942 s->init_num=SSL2_MIN_CERT_CHALLENGE_LENGTH+2; 943 s->init_off=0; 944 } 945 946 if (s->state == SSL2_ST_SEND_REQUEST_CERTIFICATE_B) 947 { 948 i=ssl2_do_write(s); 949 if (i <= 0) 950 { 951 ret=i; 952 goto end; 953 } 954 955 s->init_num=0; 956 s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_C; 957 } 958 959 if (s->state == SSL2_ST_SEND_REQUEST_CERTIFICATE_C) 960 { 961 p=(unsigned char )s->init_buf->data; 962* i=ssl2_read(s,(char )&(p[s->init_num]),6-s->init_num); / try to read 6 octets ... / 963* if (i < 3-s->init_num) /* ... but don't call ssl2_part_read now if we got at least 3 964 * (probably NO-CERTIFICATE-ERROR) / 965* { 966 ret=ssl2_part_read(s,SSL_F_REQUEST_CERTIFICATE,i); 967 goto end; 968 } 969 s->init_num += i; 970 971 if ((s->init_num >= 3) && (p[0] == SSL2_MT_ERROR)) 972 { 973 n2s(p,i); 974 if (i != SSL2_PE_NO_CERTIFICATE) 975 { 976 /* not the error message we expected -- let ssl2_part_read handle it / 977* s->init_num -= 3; 978 ret = ssl2_part_read(s,SSL_F_REQUEST_CERTIFICATE, 3); 979 goto end; 980 } 981 982 if (s->msg_callback) 983 s->msg_callback(0, s->version, 0, p, 3, s, s->msg_callback_arg); /* ERROR / 984* 985 /* this is the one place where we can recover from an SSL 2.0 error / 986* 987 if (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) 988 { 989 ssl2_return_error(s,SSL2_PE_BAD_CERTIFICATE); 990 SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE); 991 goto end; 992 } 993 ret=1; 994 goto end; 995 } 996 if (((p++) != SSL2_MT_CLIENT_CERTIFICATE) \|\| (s->init_num < 6)) 997* { 998 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); 999 SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_SHORT_READ); 1000 goto end; 1001 } 1002 if (s->init_num != 6) 1003 { 1004 SSLerr(SSL_F_REQUEST_CERTIFICATE, ERR_R_INTERNAL_ERROR); 1005 goto end; 1006 } 1007 1008 /* ok we have a response / 1009* /* certificate type, there is only one right now. / 1010* ctype= (p++); 1011* if (ctype != SSL2_AT_MD5_WITH_RSA_ENCRYPTION) 1012 { 1013 ssl2_return_error(s,SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE); 1014 SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_BAD_RESPONSE_ARGUMENT); 1015 goto end; 1016 } 1017 n2s(p,i); s->s2->tmp.clen=i; 1018 n2s(p,i); s->s2->tmp.rlen=i; 1019 s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_D; 1020 } 1021 1022 /* SSL2_ST_SEND_REQUEST_CERTIFICATE_D / 1023* p=(unsigned char )s->init_buf->data; 1024* len = 6 + (unsigned long)s->s2->tmp.clen + (unsigned long)s->s2->tmp.rlen; 1025 if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) 1026 { 1027 SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_MESSAGE_TOO_LONG); 1028 goto end; 1029 } 1030 j = (int)len - s->init_num; 1031 i = ssl2_read(s,(char )&(p[s->init_num]),j); 1032* if (i < j) 1033 { 1034 ret=ssl2_part_read(s,SSL_F_REQUEST_CERTIFICATE,i); 1035 goto end; 1036 } 1037 if (s->msg_callback) 1038 s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* CLIENT-CERTIFICATE / 1039* p += 6; 1040
1058 x509=(X509 *)d2i_X509(NULL,&p,(long)s->s2->tmp.clen);	1041 cp = p; 1042 x509=(X509 *)d2i_X509(NULL,&cp,(long)s->s2->tmp.clen);
1059 if (x509 == NULL) 1060 { 1061 SSLerr(SSL_F_REQUEST_CERTIFICATE,ERR_R_X509_LIB); 1062 goto msg_end; 1063 } 1064 1065 if (((sk=sk_X509_new_null()) == NULL) \|\| (!sk_X509_push(sk,x509))) 1066 { 1067 SSLerr(SSL_F_REQUEST_CERTIFICATE,ERR_R_MALLOC_FAILURE); 1068 goto msg_end; 1069 } 1070 1071 i=ssl_verify_cert_chain(s,sk); 1072 1073 if (i) /* we like the packet, now check the chksum / 1074* { 1075 EVP_MD_CTX ctx; 1076 EVP_PKEY pkey=NULL; 1077* 1078 EVP_MD_CTX_init(&ctx); 1079 EVP_VerifyInit_ex(&ctx,s->ctx->rsa_md5, NULL); 1080 EVP_VerifyUpdate(&ctx,s->s2->key_material, 1081 s->s2->key_material_length); 1082 EVP_VerifyUpdate(&ctx,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH); 1083 1084 i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,NULL); 1085 buf2=OPENSSL_malloc((unsigned int)i); 1086 if (buf2 == NULL) 1087 { 1088 SSLerr(SSL_F_REQUEST_CERTIFICATE,ERR_R_MALLOC_FAILURE); 1089 goto msg_end; 1090 } 1091 p2=buf2; 1092 i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,&p2); 1093 EVP_VerifyUpdate(&ctx,buf2,(unsigned int)i); 1094 OPENSSL_free(buf2); 1095 1096 pkey=X509_get_pubkey(x509); 1097 if (pkey == NULL) goto end;	1043 if (x509 == NULL) 1044 { 1045 SSLerr(SSL_F_REQUEST_CERTIFICATE,ERR_R_X509_LIB); 1046 goto msg_end; 1047 } 1048 1049 if (((sk=sk_X509_new_null()) == NULL) \|\| (!sk_X509_push(sk,x509))) 1050 { 1051 SSLerr(SSL_F_REQUEST_CERTIFICATE,ERR_R_MALLOC_FAILURE); 1052 goto msg_end; 1053 } 1054 1055 i=ssl_verify_cert_chain(s,sk); 1056 1057 if (i) /* we like the packet, now check the chksum / 1058* { 1059 EVP_MD_CTX ctx; 1060 EVP_PKEY pkey=NULL; 1061* 1062 EVP_MD_CTX_init(&ctx); 1063 EVP_VerifyInit_ex(&ctx,s->ctx->rsa_md5, NULL); 1064 EVP_VerifyUpdate(&ctx,s->s2->key_material, 1065 s->s2->key_material_length); 1066 EVP_VerifyUpdate(&ctx,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH); 1067 1068 i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,NULL); 1069 buf2=OPENSSL_malloc((unsigned int)i); 1070 if (buf2 == NULL) 1071 { 1072 SSLerr(SSL_F_REQUEST_CERTIFICATE,ERR_R_MALLOC_FAILURE); 1073 goto msg_end; 1074 } 1075 p2=buf2; 1076 i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,&p2); 1077 EVP_VerifyUpdate(&ctx,buf2,(unsigned int)i); 1078 OPENSSL_free(buf2); 1079 1080 pkey=X509_get_pubkey(x509); 1081 if (pkey == NULL) goto end;
1098 i=EVP_VerifyFinal(&ctx,p,s->s2->tmp.rlen,pkey);	1082 i=EVP_VerifyFinal(&ctx,cp,s->s2->tmp.rlen,pkey);
1099 EVP_PKEY_free(pkey); 1100 EVP_MD_CTX_cleanup(&ctx); 1101 1102 if (i) 1103 { 1104 if (s->session->peer != NULL) 1105 X509_free(s->session->peer); 1106 s->session->peer=x509; 1107 CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509); 1108 s->session->verify_result = s->verify_result; 1109 ret=1; 1110 goto end; 1111 } 1112 else 1113 { 1114 SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_BAD_CHECKSUM); 1115 goto msg_end; 1116 } 1117 } 1118 else 1119 { 1120msg_end: 1121 ssl2_return_error(s,SSL2_PE_BAD_CERTIFICATE); 1122 } 1123end: 1124 sk_X509_free(sk); 1125 X509_free(x509); 1126 return(ret); 1127 } 1128 1129static int ssl_rsa_private_decrypt(CERT c, int len, unsigned char from, 1130 unsigned char to, int padding) 1131* { 1132 RSA rsa; 1133* int i; 1134 1135 if ((c == NULL) \|\| (c->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL)) 1136 { 1137 SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT,SSL_R_NO_PRIVATEKEY); 1138 return(-1); 1139 } 1140 if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey->type != EVP_PKEY_RSA) 1141 { 1142 SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT,SSL_R_PUBLIC_KEY_IS_NOT_RSA); 1143 return(-1); 1144 } 1145 rsa=c->pkeys[SSL_PKEY_RSA_ENC].privatekey->pkey.rsa; 1146 1147 /* we have the public key / 1148* i=RSA_private_decrypt(len,from,to,rsa,padding); 1149 if (i < 0) 1150 SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT,ERR_R_RSA_LIB); 1151 return(i); 1152 } 1153#else /* !OPENSSL_NO_SSL2 / 1154* 1155# if PEDANTIC 1156static void dummy=&dummy; 1157# endif 1158* 1159#endif	1083 EVP_PKEY_free(pkey); 1084 EVP_MD_CTX_cleanup(&ctx); 1085 1086 if (i) 1087 { 1088 if (s->session->peer != NULL) 1089 X509_free(s->session->peer); 1090 s->session->peer=x509; 1091 CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509); 1092 s->session->verify_result = s->verify_result; 1093 ret=1; 1094 goto end; 1095 } 1096 else 1097 { 1098 SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_BAD_CHECKSUM); 1099 goto msg_end; 1100 } 1101 } 1102 else 1103 { 1104msg_end: 1105 ssl2_return_error(s,SSL2_PE_BAD_CERTIFICATE); 1106 } 1107end: 1108 sk_X509_free(sk); 1109 X509_free(x509); 1110 return(ret); 1111 } 1112 1113static int ssl_rsa_private_decrypt(CERT c, int len, unsigned char from, 1114 unsigned char to, int padding) 1115* { 1116 RSA rsa; 1117* int i; 1118 1119 if ((c == NULL) \|\| (c->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL)) 1120 { 1121 SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT,SSL_R_NO_PRIVATEKEY); 1122 return(-1); 1123 } 1124 if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey->type != EVP_PKEY_RSA) 1125 { 1126 SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT,SSL_R_PUBLIC_KEY_IS_NOT_RSA); 1127 return(-1); 1128 } 1129 rsa=c->pkeys[SSL_PKEY_RSA_ENC].privatekey->pkey.rsa; 1130 1131 /* we have the public key / 1132* i=RSA_private_decrypt(len,from,to,rsa,padding); 1133 if (i < 0) 1134 SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT,ERR_R_RSA_LIB); 1135 return(i); 1136 } 1137#else /* !OPENSSL_NO_SSL2 / 1138* 1139# if PEDANTIC 1140static void dummy=&dummy; 1141# endif 1142* 1143#endif