X-Git-Url: https://git.openssl.org/?a=blobdiff_plain;f=ssl%2Fs2_lib.c;h=0cbbb066fdd12c0bb44dd87867c57804a981f365;hb=6c950e0dc97a84cab70bd004142cfa59f3eb46a4;hp=47713ec9f9d7d844d0ab47cf4d6a75cc927617f0;hpb=b35e9050f282c5ea2164bd5b08ed34d03accf45f;p=openssl.git diff --git a/ssl/s2_lib.c b/ssl/s2_lib.c index 47713ec9f9..0cbbb066fd 100644 --- a/ssl/s2_lib.c +++ b/ssl/s2_lib.c @@ -57,11 +57,13 @@ */ #include "ssl_locl.h" -#ifndef NO_SSL2 +#ifndef OPENSSL_NO_SSL2 #include #include #include +#include #include +#include "cryptlib.h" static long ssl2_default_timeout(void ); const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT; @@ -76,7 +78,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={ SSL2_TXT_NULL_WITH_MD5, SSL2_CK_NULL_WITH_MD5, SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_MD5|SSL_SSLV2, - SSL_EXPORT|SSL_EXP40, + SSL_EXPORT|SSL_EXP40|SSL_STRONG_NONE, + 0, 0, 0, SSL_ALL_CIPHERS, @@ -196,6 +199,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={ SSL2_TXT_NULL, SSL2_CK_NULL, 0, + SSL_STRONG_NONE, 0, 0, 0, @@ -230,6 +234,9 @@ static SSL_METHOD SSLv2_data= { ssl_bad_method, ssl2_default_timeout, &ssl3_undef_enc_method, + ssl_undefined_function, + ssl2_callback_ctrl, /* local */ + ssl2_ctx_callback_ctrl, /* local */ }; static long ssl2_default_timeout(void) @@ -257,20 +264,26 @@ SSL_CIPHER *ssl2_get_cipher(unsigned int u) int ssl2_pending(SSL *s) { - return(s->s2->ract_data_length); + return SSL_in_init(s) ? 0 : s->s2->ract_data_length; } int ssl2_new(SSL *s) { SSL2_STATE *s2; - if ((s2=Malloc(sizeof *s2)) == NULL) goto err; + if ((s2=OPENSSL_malloc(sizeof *s2)) == NULL) goto err; memset(s2,0,sizeof *s2); - if ((s2->rbuf=Malloc( - SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2)) == NULL) goto err; - if ((s2->wbuf=Malloc( +#if SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER + 3 > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + 2 +# error "assertion failed" +#endif + + if ((s2->rbuf=OPENSSL_malloc( SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2)) == NULL) goto err; + /* wbuf needs one byte more because when using two-byte headers, + * we leave the first byte unused in do_ssl_write (s2_pkt.c) */ + if ((s2->wbuf=OPENSSL_malloc( + SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+3)) == NULL) goto err; s->s2=s2; ssl2_clear(s); @@ -278,9 +291,9 @@ int ssl2_new(SSL *s) err: if (s2 != NULL) { - if (s2->wbuf != NULL) Free(s2->wbuf); - if (s2->rbuf != NULL) Free(s2->rbuf); - Free(s2); + if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf); + if (s2->rbuf != NULL) OPENSSL_free(s2->rbuf); + OPENSSL_free(s2); } return(0); } @@ -293,10 +306,10 @@ void ssl2_free(SSL *s) return; s2=s->s2; - if (s2->rbuf != NULL) Free(s2->rbuf); - if (s2->wbuf != NULL) Free(s2->wbuf); + if (s2->rbuf != NULL) OPENSSL_free(s2->rbuf); + if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf); memset(s2,0,sizeof *s2); - Free(s2); + OPENSSL_free(s2); s->s2=NULL; } @@ -320,7 +333,7 @@ void ssl2_clear(SSL *s) s->packet_length=0; } -long ssl2_ctrl(SSL *s, int cmd, long larg, char *parg) +long ssl2_ctrl(SSL *s, int cmd, long larg, void *parg) { int ret=0; @@ -335,7 +348,17 @@ long ssl2_ctrl(SSL *s, int cmd, long larg, char *parg) return(ret); } -long ssl2_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg) +long ssl2_callback_ctrl(SSL *s, int cmd, void (*fp)()) + { + return(0); + } + +long ssl2_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) + { + return(0); + } + +long ssl2_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)()) { return(0); } @@ -354,15 +377,19 @@ SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p) { CRYPTO_w_lock(CRYPTO_LOCK_SSL); - for (i=0; ivalid) return(NULL); else @@ -393,31 +420,51 @@ int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) return(3); } -void ssl2_generate_key_material(SSL *s) +int ssl2_generate_key_material(SSL *s) { unsigned int i; - MD5_CTX ctx; + EVP_MD_CTX ctx; unsigned char *km; unsigned char c='0'; + const EVP_MD *md5; + + md5 = EVP_md5(); #ifdef CHARSET_EBCDIC c = os_toascii['0']; /* Must be an ASCII '0', not EBCDIC '0', see SSLv2 docu */ #endif - + EVP_MD_CTX_init(&ctx); km=s->s2->key_material; - for (i=0; is2->key_material_length; i+=MD5_DIGEST_LENGTH) + + if (s->session->master_key_length < 0 || s->session->master_key_length > sizeof s->session->master_key) + { + SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR); + return 0; + } + + for (i=0; is2->key_material_length; i += EVP_MD_size(md5)) { - MD5_Init(&ctx); + if (((km - s->s2->key_material) + EVP_MD_size(md5)) > sizeof s->s2->key_material) + { + /* EVP_DigestFinal_ex() below would write beyond buffer */ + SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR); + return 0; + } + + EVP_DigestInit_ex(&ctx, md5, NULL); - MD5_Update(&ctx,s->session->master_key,s->session->master_key_length); - MD5_Update(&ctx,&c,1); + EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length); + EVP_DigestUpdate(&ctx,&c,1); c++; - MD5_Update(&ctx,s->s2->challenge,s->s2->challenge_length); - MD5_Update(&ctx,s->s2->conn_id,s->s2->conn_id_length); - MD5_Final(km,&ctx); - km+=MD5_DIGEST_LENGTH; + EVP_DigestUpdate(&ctx,s->s2->challenge,s->s2->challenge_length); + EVP_DigestUpdate(&ctx,s->s2->conn_id,s->s2->conn_id_length); + EVP_DigestFinal_ex(&ctx,km,NULL); + km += EVP_MD_size(md5); } + + EVP_MD_CTX_cleanup(&ctx); + return 1; } void ssl2_return_error(SSL *s, int err) @@ -442,17 +489,26 @@ void ssl2_write_error(SSL *s) buf[2]=(s->error_code)&0xff; /* state=s->rwstate;*/ - error=s->error; + + error=s->error; /* number of bytes left to write */ s->error=0; + if (error < 0 || error > sizeof buf) /* can't happen */ + return; + i=ssl2_write(s,&(buf[3-error]),error); + /* if (i == error) s->rwstate=state; */ if (i < 0) s->error=error; - else if (i != s->error) + else + { s->error=error-i; - /* else - s->error=0; */ + + if (s->error == 0) + if (s->msg_callback) + s->msg_callback(1, s->version, 0, buf, 3, s, s->msg_callback_arg); /* ERROR */ + } } int ssl2_shutdown(SSL *s) @@ -460,7 +516,7 @@ int ssl2_shutdown(SSL *s) s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); return(1); } -#else /* !NO_SSL2 */ +#else /* !OPENSSL_NO_SSL2 */ # if PEDANTIC static void *dummy=&dummy;