s2_lib.c revision 331638
1/* ssl/s2_lib.c */ 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58/* ==================================================================== 59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. 60 * 61 * Redistribution and use in source and binary forms, with or without 62 * modification, are permitted provided that the following conditions 63 * are met: 64 * 65 * 1. Redistributions of source code must retain the above copyright 66 * notice, this list of conditions and the following disclaimer. 67 * 68 * 2. Redistributions in binary form must reproduce the above copyright 69 * notice, this list of conditions and the following disclaimer in 70 * the documentation and/or other materials provided with the 71 * distribution. 72 * 73 * 3. All advertising materials mentioning features or use of this 74 * software must display the following acknowledgment: 75 * "This product includes software developed by the OpenSSL Project 76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 77 * 78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 79 * endorse or promote products derived from this software without 80 * prior written permission. For written permission, please contact 81 * openssl-core@openssl.org. 82 * 83 * 5. Products derived from this software may not be called "OpenSSL" 84 * nor may "OpenSSL" appear in their names without prior written 85 * permission of the OpenSSL Project. 86 * 87 * 6. Redistributions of any form whatsoever must retain the following 88 * acknowledgment: 89 * "This product includes software developed by the OpenSSL Project 90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 91 * 92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 103 * OF THE POSSIBILITY OF SUCH DAMAGE. 104 * ==================================================================== 105 * 106 * This product includes cryptographic software written by Eric Young 107 * (eay@cryptsoft.com). This product includes software written by Tim 108 * Hudson (tjh@cryptsoft.com). 109 * 110 */ 111 112#include "ssl_locl.h" 113#ifndef OPENSSL_NO_SSL2 114# include <stdio.h> 115# include <openssl/objects.h> 116# include <openssl/evp.h> 117# include <openssl/md5.h> 118 119const char ssl2_version_str[] = "SSLv2" OPENSSL_VERSION_PTEXT; 120 121# define SSL2_NUM_CIPHERS (sizeof(ssl2_ciphers)/sizeof(SSL_CIPHER)) 122 123/* list of available SSLv2 ciphers (sorted by id) */ 124OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = { 125# if 0 126/* NULL_WITH_MD5 v3 */ 127 { 128 1, 129 SSL2_TXT_NULL_WITH_MD5, 130 SSL2_CK_NULL_WITH_MD5, 131 SSL_kRSA, 132 SSL_aRSA, 133 SSL_eNULL, 134 SSL_MD5, 135 SSL_SSLV2, 136 SSL_EXPORT | SSL_EXP40 | SSL_STRONG_NONE, 137 0, 138 0, 139 0, 140 }, 141# endif 142 143/* RC4_128_WITH_MD5 */ 144 { 145 1, 146 SSL2_TXT_RC4_128_WITH_MD5, 147 SSL2_CK_RC4_128_WITH_MD5, 148 SSL_kRSA, 149 SSL_aRSA, 150 SSL_RC4, 151 SSL_MD5, 152 SSL_SSLV2, 153 SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM, 154 0, 155 128, 156 128, 157 }, 158 159# if 0 160/* RC4_128_EXPORT40_WITH_MD5 */ 161 { 162 1, 163 SSL2_TXT_RC4_128_EXPORT40_WITH_MD5, 164 SSL2_CK_RC4_128_EXPORT40_WITH_MD5, 165 SSL_kRSA, 166 SSL_aRSA, 167 SSL_RC4, 168 SSL_MD5, 169 SSL_SSLV2, 170 SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40, 171 SSL2_CF_5_BYTE_ENC, 172 40, 173 128, 174 }, 175# endif 176 177/* RC2_128_CBC_WITH_MD5 */ 178 { 179 1, 180 SSL2_TXT_RC2_128_CBC_WITH_MD5, 181 SSL2_CK_RC2_128_CBC_WITH_MD5, 182 SSL_kRSA, 183 SSL_aRSA, 184 SSL_RC2, 185 SSL_MD5, 186 SSL_SSLV2, 187 SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM, 188 0, 189 128, 190 128, 191 }, 192 193# if 0 194/* RC2_128_CBC_EXPORT40_WITH_MD5 */ 195 { 196 1, 197 SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5, 198 SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5, 199 SSL_kRSA, 200 SSL_aRSA, 201 SSL_RC2, 202 SSL_MD5, 203 SSL_SSLV2, 204 SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40, 205 SSL2_CF_5_BYTE_ENC, 206 40, 207 128, 208 }, 209# endif 210 211# ifndef OPENSSL_NO_IDEA 212/* IDEA_128_CBC_WITH_MD5 */ 213 { 214 1, 215 SSL2_TXT_IDEA_128_CBC_WITH_MD5, 216 SSL2_CK_IDEA_128_CBC_WITH_MD5, 217 SSL_kRSA, 218 SSL_aRSA, 219 SSL_IDEA, 220 SSL_MD5, 221 SSL_SSLV2, 222 SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM, 223 0, 224 128, 225 128, 226 }, 227# endif 228 229# if 0 230/* DES_64_CBC_WITH_MD5 */ 231 { 232 1, 233 SSL2_TXT_DES_64_CBC_WITH_MD5, 234 SSL2_CK_DES_64_CBC_WITH_MD5, 235 SSL_kRSA, 236 SSL_aRSA, 237 SSL_DES, 238 SSL_MD5, 239 SSL_SSLV2, 240 SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW, 241 0, 242 56, 243 56, 244 }, 245# endif 246 247/* DES_192_EDE3_CBC_WITH_MD5 */ 248 { 249 1, 250 SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5, 251 SSL2_CK_DES_192_EDE3_CBC_WITH_MD5, 252 SSL_kRSA, 253 SSL_aRSA, 254 SSL_3DES, 255 SSL_MD5, 256 SSL_SSLV2, 257 SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM, 258 0, 259 112, 260 168, 261 }, 262 263# if 0 264/* RC4_64_WITH_MD5 */ 265 { 266 1, 267 SSL2_TXT_RC4_64_WITH_MD5, 268 SSL2_CK_RC4_64_WITH_MD5, 269 SSL_kRSA, 270 SSL_aRSA, 271 SSL_RC4, 272 SSL_MD5, 273 SSL_SSLV2, 274 SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW, 275 SSL2_CF_8_BYTE_ENC, 276 64, 277 64, 278 }, 279# endif 280 281# if 0 282/* NULL SSLeay (testing) */ 283 { 284 0, 285 SSL2_TXT_NULL, 286 SSL2_CK_NULL, 287 0, 288 0, 289 0, 290 0, 291 SSL_SSLV2, 292 SSL_STRONG_NONE, 293 0, 294 0, 295 0, 296 }, 297# endif 298 299/* end of list :-) */ 300}; 301 302long ssl2_default_timeout(void) 303{ 304 return (300); 305} 306 307int ssl2_num_ciphers(void) 308{ 309 return (SSL2_NUM_CIPHERS); 310} 311 312const SSL_CIPHER *ssl2_get_cipher(unsigned int u) 313{ 314 if (u < SSL2_NUM_CIPHERS) 315 return (&(ssl2_ciphers[SSL2_NUM_CIPHERS - 1 - u])); 316 else 317 return (NULL); 318} 319 320int ssl2_pending(const SSL *s) 321{ 322 return SSL_in_init(s) ? 0 : s->s2->ract_data_length; 323} 324 325int ssl2_new(SSL *s) 326{ 327 SSL2_STATE *s2; 328 329 if ((s2 = OPENSSL_malloc(sizeof(*s2))) == NULL) 330 goto err; 331 memset(s2, 0, sizeof(*s2)); 332 333# if SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER + 3 > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + 2 334# error "assertion failed" 335# endif 336 337 if ((s2->rbuf = 338 OPENSSL_malloc(SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + 2)) == NULL) 339 goto err; 340 /* 341 * wbuf needs one byte more because when using two-byte headers, we leave 342 * the first byte unused in do_ssl_write (s2_pkt.c) 343 */ 344 if ((s2->wbuf = 345 OPENSSL_malloc(SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + 3)) == NULL) 346 goto err; 347 s->s2 = s2; 348 349 ssl2_clear(s); 350 return (1); 351 err: 352 if (s2 != NULL) { 353 if (s2->wbuf != NULL) 354 OPENSSL_free(s2->wbuf); 355 if (s2->rbuf != NULL) 356 OPENSSL_free(s2->rbuf); 357 OPENSSL_free(s2); 358 } 359 return (0); 360} 361 362void ssl2_free(SSL *s) 363{ 364 SSL2_STATE *s2; 365 366 if (s == NULL) 367 return; 368 369 s2 = s->s2; 370 if (s2->rbuf != NULL) 371 OPENSSL_free(s2->rbuf); 372 if (s2->wbuf != NULL) 373 OPENSSL_free(s2->wbuf); 374 OPENSSL_cleanse(s2, sizeof(*s2)); 375 OPENSSL_free(s2); 376 s->s2 = NULL; 377} 378 379void ssl2_clear(SSL *s) 380{ 381 SSL2_STATE *s2; 382 unsigned char *rbuf, *wbuf; 383 384 s2 = s->s2; 385 386 rbuf = s2->rbuf; 387 wbuf = s2->wbuf; 388 389 memset(s2, 0, sizeof(*s2)); 390 391 s2->rbuf = rbuf; 392 s2->wbuf = wbuf; 393 s2->clear_text = 1; 394 s->packet = s2->rbuf; 395 s->version = SSL2_VERSION; 396 s->packet_length = 0; 397} 398 399long ssl2_ctrl(SSL *s, int cmd, long larg, void *parg) 400{ 401 int ret = 0; 402 403 switch (cmd) { 404 case SSL_CTRL_GET_SESSION_REUSED: 405 ret = s->hit; 406 break; 407 case SSL_CTRL_CHECK_PROTO_VERSION: 408 return ssl3_ctrl(s, SSL_CTRL_CHECK_PROTO_VERSION, larg, parg); 409 default: 410 break; 411 } 412 return (ret); 413} 414 415long ssl2_callback_ctrl(SSL *s, int cmd, void (*fp) (void)) 416{ 417 return (0); 418} 419 420long ssl2_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) 421{ 422 return (0); 423} 424 425long ssl2_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void)) 426{ 427 return (0); 428} 429 430/* 431 * This function needs to check if the ciphers required are actually 432 * available 433 */ 434const SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p) 435{ 436 SSL_CIPHER c; 437 const SSL_CIPHER *cp; 438 unsigned long id; 439 440 id = 0x02000000L | ((unsigned long)p[0] << 16L) | 441 ((unsigned long)p[1] << 8L) | (unsigned long)p[2]; 442 c.id = id; 443 cp = OBJ_bsearch_ssl_cipher_id(&c, ssl2_ciphers, SSL2_NUM_CIPHERS); 444 return cp; 445} 446 447int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) 448{ 449 long l; 450 451 if (p != NULL) { 452 l = c->id; 453 if ((l & 0xff000000) != 0x02000000 && l != SSL3_CK_FALLBACK_SCSV) 454 return (0); 455 p[0] = ((unsigned char)(l >> 16L)) & 0xFF; 456 p[1] = ((unsigned char)(l >> 8L)) & 0xFF; 457 p[2] = ((unsigned char)(l)) & 0xFF; 458 } 459 return (3); 460} 461 462int ssl2_generate_key_material(SSL *s) 463{ 464 unsigned int i; 465 EVP_MD_CTX ctx; 466 unsigned char *km; 467 unsigned char c = '0'; 468 const EVP_MD *md5; 469 int md_size; 470 471 md5 = EVP_md5(); 472 473# ifdef CHARSET_EBCDIC 474 c = os_toascii['0']; /* Must be an ASCII '0', not EBCDIC '0', see 475 * SSLv2 docu */ 476# endif 477 EVP_MD_CTX_init(&ctx); 478 km = s->s2->key_material; 479 480 if (s->session->master_key_length < 0 || 481 s->session->master_key_length > (int)sizeof(s->session->master_key)) { 482 SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR); 483 return 0; 484 } 485 md_size = EVP_MD_size(md5); 486 if (md_size < 0) 487 return 0; 488 for (i = 0; i < s->s2->key_material_length; i += md_size) { 489 if (((km - s->s2->key_material) + md_size) > 490 (int)sizeof(s->s2->key_material)) { 491 /* 492 * EVP_DigestFinal_ex() below would write beyond buffer 493 */ 494 SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR); 495 return 0; 496 } 497 498 EVP_DigestInit_ex(&ctx, md5, NULL); 499 500 OPENSSL_assert(s->session->master_key_length >= 0 501 && s->session->master_key_length 502 <= (int)sizeof(s->session->master_key)); 503 EVP_DigestUpdate(&ctx, s->session->master_key, 504 s->session->master_key_length); 505 EVP_DigestUpdate(&ctx, &c, 1); 506 c++; 507 EVP_DigestUpdate(&ctx, s->s2->challenge, s->s2->challenge_length); 508 EVP_DigestUpdate(&ctx, s->s2->conn_id, s->s2->conn_id_length); 509 EVP_DigestFinal_ex(&ctx, km, NULL); 510 km += md_size; 511 } 512 513 EVP_MD_CTX_cleanup(&ctx); 514 return 1; 515} 516 517void ssl2_return_error(SSL *s, int err) 518{ 519 if (!s->error) { 520 s->error = 3; 521 s->error_code = err; 522 523 ssl2_write_error(s); 524 } 525} 526 527void ssl2_write_error(SSL *s) 528{ 529 unsigned char buf[3]; 530 int i, error; 531 532 buf[0] = SSL2_MT_ERROR; 533 buf[1] = (s->error_code >> 8) & 0xff; 534 buf[2] = (s->error_code) & 0xff; 535 536/* state=s->rwstate;*/ 537 538 error = s->error; /* number of bytes left to write */ 539 s->error = 0; 540 OPENSSL_assert(error >= 0 && error <= (int)sizeof(buf)); 541 i = ssl2_write(s, &(buf[3 - error]), error); 542 543/* if (i == error) s->rwstate=state; */ 544 545 if (i < 0) 546 s->error = error; 547 else { 548 s->error = error - i; 549 550 if (s->error == 0) 551 if (s->msg_callback) { 552 /* ERROR */ 553 s->msg_callback(1, s->version, 0, buf, 3, s, 554 s->msg_callback_arg); 555 } 556 } 557} 558 559int ssl2_shutdown(SSL *s) 560{ 561 s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); 562 return (1); 563} 564#else /* !OPENSSL_NO_SSL2 */ 565 566# if PEDANTIC 567static void *dummy = &dummy; 568# endif 569 570#endif 571