s2_srvr.c (142428) s2_srvr.c (160817)
1/* ssl/s2_srvr.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *

--- 123 unchanged lines hidden (view full) ---

132static SSL_METHOD *ssl2_get_server_method(int ver)
133 {
134 if (ver == SSL2_VERSION)
135 return(SSLv2_server_method());
136 else
137 return(NULL);
138 }
139
1/* ssl/s2_srvr.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *

--- 123 unchanged lines hidden (view full) ---

132static SSL_METHOD *ssl2_get_server_method(int ver)
133 {
134 if (ver == SSL2_VERSION)
135 return(SSLv2_server_method());
136 else
137 return(NULL);
138 }
139
140SSL_METHOD *SSLv2_server_method(void)
141 {
142 static int init=1;
143 static SSL_METHOD SSLv2_server_data;
140IMPLEMENT_ssl2_meth_func(SSLv2_server_method,
141 ssl2_accept,
142 ssl_undefined_function,
143 ssl2_get_server_method)
144
144
145 if (init)
146 {
147 CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
148
149 if (init)
150 {
151 memcpy((char *)&SSLv2_server_data,(char *)sslv2_base_method(),
152 sizeof(SSL_METHOD));
153 SSLv2_server_data.ssl_accept=ssl2_accept;
154 SSLv2_server_data.get_ssl_method=ssl2_get_server_method;
155 init=0;
156 }
157
158 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
159 }
160 return(&SSLv2_server_data);
161 }
162
163int ssl2_accept(SSL *s)
164 {
145int ssl2_accept(SSL *s)
146 {
165 unsigned long l=time(NULL);
147 unsigned long l=(unsigned long)time(NULL);
166 BUF_MEM *buf=NULL;
167 int ret= -1;
168 long num1;
169 void (*cb)(const SSL *ssl,int type,int val)=NULL;
170 int new_state,state;
171
172 RAND_add(&l,sizeof(l),0);
173 ERR_clear_error();

--- 319 unchanged lines hidden (view full) ---

493 || (is_export && ((i != ek) || (s->s2->tmp.clear+(unsigned int)i !=
494 (unsigned int)EVP_CIPHER_key_length(c))))))
495 {
496 ERR_clear_error();
497 if (is_export)
498 i=ek;
499 else
500 i=EVP_CIPHER_key_length(c);
148 BUF_MEM *buf=NULL;
149 int ret= -1;
150 long num1;
151 void (*cb)(const SSL *ssl,int type,int val)=NULL;
152 int new_state,state;
153
154 RAND_add(&l,sizeof(l),0);
155 ERR_clear_error();

--- 319 unchanged lines hidden (view full) ---

475 || (is_export && ((i != ek) || (s->s2->tmp.clear+(unsigned int)i !=
476 (unsigned int)EVP_CIPHER_key_length(c))))))
477 {
478 ERR_clear_error();
479 if (is_export)
480 i=ek;
481 else
482 i=EVP_CIPHER_key_length(c);
501 if(RAND_pseudo_bytes(p,i) <= 0)
502 return 0;
483 if (RAND_pseudo_bytes(p,i) <= 0)
484 return 0;
503 }
504#else
505 if (i < 0)
506 {
507 error=1;
508 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_BAD_RSA_DECRYPT);
509 }
510 /* incorrect number of key bytes for non export cipher */

--- 281 unchanged lines hidden (view full) ---

792 n=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,NULL);
793 s2n(n,p); /* certificate length */
794 i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,&d);
795 n=0;
796
797 /* lets send out the ciphers we like in the
798 * prefered order */
799 sk= s->session->ciphers;
485 }
486#else
487 if (i < 0)
488 {
489 error=1;
490 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_BAD_RSA_DECRYPT);
491 }
492 /* incorrect number of key bytes for non export cipher */

--- 281 unchanged lines hidden (view full) ---

774 n=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,NULL);
775 s2n(n,p); /* certificate length */
776 i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,&d);
777 n=0;
778
779 /* lets send out the ciphers we like in the
780 * prefered order */
781 sk= s->session->ciphers;
800 n=ssl_cipher_list_to_bytes(s,s->session->ciphers,d);
782 n=ssl_cipher_list_to_bytes(s,s->session->ciphers,d,0);
801 d+=n;
802 s2n(n,p); /* add cipher length */
803 }
804
805 /* make and send conn_id */
806 s2n(SSL2_CONNECTION_ID_LENGTH,p); /* add conn_id length */
807 s->s2->conn_id_length=SSL2_CONNECTION_ID_LENGTH;
783 d+=n;
784 s2n(n,p); /* add cipher length */
785 }
786
787 /* make and send conn_id */
788 s2n(SSL2_CONNECTION_ID_LENGTH,p); /* add conn_id length */
789 s->s2->conn_id_length=SSL2_CONNECTION_ID_LENGTH;
808 if(RAND_pseudo_bytes(s->s2->conn_id,(int)s->s2->conn_id_length) <= 0)
809 return -1;
790 if (RAND_pseudo_bytes(s->s2->conn_id,(int)s->s2->conn_id_length) <= 0)
791 return -1;
810 memcpy(d,s->s2->conn_id,SSL2_CONNECTION_ID_LENGTH);
811 d+=SSL2_CONNECTION_ID_LENGTH;
812
813 s->state=SSL2_ST_SEND_SERVER_HELLO_B;
814 s->init_num=d-(unsigned char *)s->init_buf->data;
815 s->init_off=0;
816 }
817 /* SSL2_ST_SEND_SERVER_HELLO_B */

--- 115 unchanged lines hidden (view full) ---

933
934 /* SSL2_ST_SEND_SERVER_FINISHED_B */
935 return(ssl2_do_write(s));
936 }
937
938/* send the request and check the response */
939static int request_certificate(SSL *s)
940 {
792 memcpy(d,s->s2->conn_id,SSL2_CONNECTION_ID_LENGTH);
793 d+=SSL2_CONNECTION_ID_LENGTH;
794
795 s->state=SSL2_ST_SEND_SERVER_HELLO_B;
796 s->init_num=d-(unsigned char *)s->init_buf->data;
797 s->init_off=0;
798 }
799 /* SSL2_ST_SEND_SERVER_HELLO_B */

--- 115 unchanged lines hidden (view full) ---

915
916 /* SSL2_ST_SEND_SERVER_FINISHED_B */
917 return(ssl2_do_write(s));
918 }
919
920/* send the request and check the response */
921static int request_certificate(SSL *s)
922 {
923 const unsigned char *cp;
941 unsigned char *p,*p2,*buf2;
942 unsigned char *ccd;
943 int i,j,ctype,ret= -1;
944 unsigned long len;
945 X509 *x509=NULL;
946 STACK_OF(X509) *sk=NULL;
947
948 ccd=s->s2->tmp.ccl;
949 if (s->state == SSL2_ST_SEND_REQUEST_CERTIFICATE_A)
950 {
951 p=(unsigned char *)s->init_buf->data;
952 *(p++)=SSL2_MT_REQUEST_CERTIFICATE;
953 *(p++)=SSL2_AT_MD5_WITH_RSA_ENCRYPTION;
924 unsigned char *p,*p2,*buf2;
925 unsigned char *ccd;
926 int i,j,ctype,ret= -1;
927 unsigned long len;
928 X509 *x509=NULL;
929 STACK_OF(X509) *sk=NULL;
930
931 ccd=s->s2->tmp.ccl;
932 if (s->state == SSL2_ST_SEND_REQUEST_CERTIFICATE_A)
933 {
934 p=(unsigned char *)s->init_buf->data;
935 *(p++)=SSL2_MT_REQUEST_CERTIFICATE;
936 *(p++)=SSL2_AT_MD5_WITH_RSA_ENCRYPTION;
954 if(RAND_pseudo_bytes(ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH) <= 0)
937 if (RAND_pseudo_bytes(ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH) <= 0)
955 return -1;
956 memcpy(p,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
957
958 s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_B;
959 s->init_num=SSL2_MIN_CERT_CHALLENGE_LENGTH+2;
960 s->init_off=0;
961 }
962

--- 87 unchanged lines hidden (view full) ---

1050 {
1051 ret=ssl2_part_read(s,SSL_F_REQUEST_CERTIFICATE,i);
1052 goto end;
1053 }
1054 if (s->msg_callback)
1055 s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* CLIENT-CERTIFICATE */
1056 p += 6;
1057
938 return -1;
939 memcpy(p,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
940
941 s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_B;
942 s->init_num=SSL2_MIN_CERT_CHALLENGE_LENGTH+2;
943 s->init_off=0;
944 }
945

--- 87 unchanged lines hidden (view full) ---

1033 {
1034 ret=ssl2_part_read(s,SSL_F_REQUEST_CERTIFICATE,i);
1035 goto end;
1036 }
1037 if (s->msg_callback)
1038 s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* CLIENT-CERTIFICATE */
1039 p += 6;
1040
1058 x509=(X509 *)d2i_X509(NULL,&p,(long)s->s2->tmp.clen);
1041 cp = p;
1042 x509=(X509 *)d2i_X509(NULL,&cp,(long)s->s2->tmp.clen);
1059 if (x509 == NULL)
1060 {
1061 SSLerr(SSL_F_REQUEST_CERTIFICATE,ERR_R_X509_LIB);
1062 goto msg_end;
1063 }
1064
1065 if (((sk=sk_X509_new_null()) == NULL) || (!sk_X509_push(sk,x509)))
1066 {

--- 23 unchanged lines hidden (view full) ---

1090 }
1091 p2=buf2;
1092 i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,&p2);
1093 EVP_VerifyUpdate(&ctx,buf2,(unsigned int)i);
1094 OPENSSL_free(buf2);
1095
1096 pkey=X509_get_pubkey(x509);
1097 if (pkey == NULL) goto end;
1043 if (x509 == NULL)
1044 {
1045 SSLerr(SSL_F_REQUEST_CERTIFICATE,ERR_R_X509_LIB);
1046 goto msg_end;
1047 }
1048
1049 if (((sk=sk_X509_new_null()) == NULL) || (!sk_X509_push(sk,x509)))
1050 {

--- 23 unchanged lines hidden (view full) ---

1074 }
1075 p2=buf2;
1076 i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,&p2);
1077 EVP_VerifyUpdate(&ctx,buf2,(unsigned int)i);
1078 OPENSSL_free(buf2);
1079
1080 pkey=X509_get_pubkey(x509);
1081 if (pkey == NULL) goto end;
1098 i=EVP_VerifyFinal(&ctx,p,s->s2->tmp.rlen,pkey);
1082 i=EVP_VerifyFinal(&ctx,cp,s->s2->tmp.rlen,pkey);
1099 EVP_PKEY_free(pkey);
1100 EVP_MD_CTX_cleanup(&ctx);
1101
1102 if (i)
1103 {
1104 if (s->session->peer != NULL)
1105 X509_free(s->session->peer);
1106 s->session->peer=x509;

--- 53 unchanged lines hidden ---
1083 EVP_PKEY_free(pkey);
1084 EVP_MD_CTX_cleanup(&ctx);
1085
1086 if (i)
1087 {
1088 if (s->session->peer != NULL)
1089 X509_free(s->session->peer);
1090 s->session->peer=x509;

--- 53 unchanged lines hidden ---
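Review bot: In request_certificate, the `if (i)` test after `i=EVP_VerifyFinal(&ctx,cp,s->s2->tmp.rlen,pkey);` (new lines 1082-1086) accepts any non-zero result as a valid client-certificate signature. EVP_VerifyFinal returns 1 for a good signature, 0 for a bad one and a negative value on error, so an error return would take the branch that stores `x509` in `s->session->peer`. The test should be `if (i > 0)`, with a short comment such as `/* EVP_VerifyFinal: 1 = verified, 0 = bad signature, <0 = error */`. This commit only changes the signature pointer from `p` to `cp`, and the rest of the function is hidden on this page, so the failure branch could not be checked from here.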