projects
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
If a callback is generating a new session ID for SSLv2, then upon exiting,
[openssl.git]
/
ssl
/
s2_lib.c
diff --git
a/ssl/s2_lib.c
b/ssl/s2_lib.c
index 43c7cab3edef4dc122c59f57ae0167f4796eed25..09fde61b5b97f0940cb8001ff516cbba2387775d 100644
(file)
--- a/
ssl/s2_lib.c
+++ b/
ssl/s2_lib.c
@@
-56,31
+56,31
@@
* [including the GNU Public Licence.]
*/
* [including the GNU Public Licence.]
*/
-#include <stdio.h>
-#include "rsa.h"
-#include "objects.h"
#include "ssl_locl.h"
#include "ssl_locl.h"
+#ifndef OPENSSL_NO_SSL2
+#include <stdio.h>
+#include <openssl/rsa.h>
+#include <openssl/objects.h>
+#include <openssl/md5.h>
-#ifndef NOPROTO
static long ssl2_default_timeout(void );
static long ssl2_default_timeout(void );
-#else
-static long ssl2_default_timeout();
-#endif
-
const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT;
#define SSL2_NUM_CIPHERS (sizeof(ssl2_ciphers)/sizeof(SSL_CIPHER))
const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT;
#define SSL2_NUM_CIPHERS (sizeof(ssl2_ciphers)/sizeof(SSL_CIPHER))
-SSL_CIPHER ssl2_ciphers[]={
+
OPENSSL_GLOBAL
SSL_CIPHER ssl2_ciphers[]={
/* NULL_WITH_MD5 v3 */
#if 0
{
1,
SSL2_TXT_NULL_WITH_MD5,
SSL2_CK_NULL_WITH_MD5,
/* NULL_WITH_MD5 v3 */
#if 0
{
1,
SSL2_TXT_NULL_WITH_MD5,
SSL2_CK_NULL_WITH_MD5,
- SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_MD5|SSL_EXP40|SSL_SSLV2,
+ SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_MD5|SSL_SSLV2,
+ SSL_EXPORT|SSL_EXP40,
+ 0,
0,
SSL_ALL_CIPHERS,
0,
SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
},
#endif
/* RC4_128_EXPORT40_WITH_MD5 */
},
#endif
/* RC4_128_EXPORT40_WITH_MD5 */
@@
-88,63
+88,91
@@
SSL_CIPHER ssl2_ciphers[]={
1,
SSL2_TXT_RC4_128_EXPORT40_WITH_MD5,
SSL2_CK_RC4_128_EXPORT40_WITH_MD5,
1,
SSL2_TXT_RC4_128_EXPORT40_WITH_MD5,
SSL2_CK_RC4_128_EXPORT40_WITH_MD5,
- SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_EXP40|SSL_SSLV2,
+ SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2,
+ SSL_EXPORT|SSL_EXP40,
SSL2_CF_5_BYTE_ENC,
SSL2_CF_5_BYTE_ENC,
+ 40,
+ 128,
SSL_ALL_CIPHERS,
SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
},
/* RC4_128_WITH_MD5 */
{
1,
SSL2_TXT_RC4_128_WITH_MD5,
SSL2_CK_RC4_128_WITH_MD5,
},
/* RC4_128_WITH_MD5 */
{
1,
SSL2_TXT_RC4_128_WITH_MD5,
SSL2_CK_RC4_128_WITH_MD5,
- SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_NOT_EXP|SSL_SSLV2|SSL_MEDIUM,
+ SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2,
+ SSL_NOT_EXP|SSL_MEDIUM,
0,
0,
+ 128,
+ 128,
SSL_ALL_CIPHERS,
SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
},
/* RC2_128_CBC_EXPORT40_WITH_MD5 */
{
1,
SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5,
SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5,
},
/* RC2_128_CBC_EXPORT40_WITH_MD5 */
{
1,
SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5,
SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5,
- SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_EXP40|SSL_SSLV2,
+ SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_SSLV2,
+ SSL_EXPORT|SSL_EXP40,
SSL2_CF_5_BYTE_ENC,
SSL2_CF_5_BYTE_ENC,
+ 40,
+ 128,
SSL_ALL_CIPHERS,
SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
},
/* RC2_128_CBC_WITH_MD5 */
{
1,
SSL2_TXT_RC2_128_CBC_WITH_MD5,
SSL2_CK_RC2_128_CBC_WITH_MD5,
},
/* RC2_128_CBC_WITH_MD5 */
{
1,
SSL2_TXT_RC2_128_CBC_WITH_MD5,
SSL2_CK_RC2_128_CBC_WITH_MD5,
- SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_NOT_EXP|SSL_SSLV2|SSL_MEDIUM,
+ SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_SSLV2,
+ SSL_NOT_EXP|SSL_MEDIUM,
0,
0,
+ 128,
+ 128,
SSL_ALL_CIPHERS,
SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
},
/* IDEA_128_CBC_WITH_MD5 */
{
1,
SSL2_TXT_IDEA_128_CBC_WITH_MD5,
SSL2_CK_IDEA_128_CBC_WITH_MD5,
},
/* IDEA_128_CBC_WITH_MD5 */
{
1,
SSL2_TXT_IDEA_128_CBC_WITH_MD5,
SSL2_CK_IDEA_128_CBC_WITH_MD5,
- SSL_kRSA|SSL_aRSA|SSL_IDEA|SSL_MD5|SSL_NOT_EXP|SSL_SSLV2|SSL_MEDIUM,
+ SSL_kRSA|SSL_aRSA|SSL_IDEA|SSL_MD5|SSL_SSLV2,
+ SSL_NOT_EXP|SSL_MEDIUM,
0,
0,
+ 128,
+ 128,
SSL_ALL_CIPHERS,
SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
},
/* DES_64_CBC_WITH_MD5 */
{
1,
SSL2_TXT_DES_64_CBC_WITH_MD5,
SSL2_CK_DES_64_CBC_WITH_MD5,
},
/* DES_64_CBC_WITH_MD5 */
{
1,
SSL2_TXT_DES_64_CBC_WITH_MD5,
SSL2_CK_DES_64_CBC_WITH_MD5,
- SSL_kRSA|SSL_aRSA|SSL_DES|SSL_MD5|SSL_NOT_EXP|SSL_SSLV2|SSL_LOW,
+ SSL_kRSA|SSL_aRSA|SSL_DES|SSL_MD5|SSL_SSLV2,
+ SSL_NOT_EXP|SSL_LOW,
0,
0,
+ 56,
+ 56,
SSL_ALL_CIPHERS,
SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
},
/* DES_192_EDE3_CBC_WITH_MD5 */
{
1,
SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5,
SSL2_CK_DES_192_EDE3_CBC_WITH_MD5,
},
/* DES_192_EDE3_CBC_WITH_MD5 */
{
1,
SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5,
SSL2_CK_DES_192_EDE3_CBC_WITH_MD5,
- SSL_kRSA|SSL_aRSA|SSL_3DES|SSL_MD5|SSL_NOT_EXP|SSL_SSLV2|SSL_HIGH,
+ SSL_kRSA|SSL_aRSA|SSL_3DES|SSL_MD5|SSL_SSLV2,
+ SSL_NOT_EXP|SSL_HIGH,
0,
0,
+ 168,
+ 168,
SSL_ALL_CIPHERS,
SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
},
/* RC4_64_WITH_MD5 */
#if 1
},
/* RC4_64_WITH_MD5 */
#if 1
@@
-152,9
+180,13
@@
SSL_CIPHER ssl2_ciphers[]={
1,
SSL2_TXT_RC4_64_WITH_MD5,
SSL2_CK_RC4_64_WITH_MD5,
1,
SSL2_TXT_RC4_64_WITH_MD5,
SSL2_CK_RC4_64_WITH_MD5,
- SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2|SSL_LOW,
+ SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2,
+ SSL_NOT_EXP|SSL_LOW,
SSL2_CF_8_BYTE_ENC,
SSL2_CF_8_BYTE_ENC,
+ 64,
+ 64,
SSL_ALL_CIPHERS,
SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
},
#endif
/* NULL SSLeay (testing) */
},
#endif
/* NULL SSLeay (testing) */
@@
-164,7
+196,11
@@
SSL_CIPHER ssl2_ciphers[]={
SSL2_TXT_NULL,
SSL2_CK_NULL,
0,
SSL2_TXT_NULL,
SSL2_CK_NULL,
0,
+ 0,
+ 0,
+ 0,
SSL_ALL_CIPHERS,
SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
},
#endif
},
#endif
@@
-194,6
+230,9
@@
static SSL_METHOD SSLv2_data= {
ssl_bad_method,
ssl2_default_timeout,
&ssl3_undef_enc_method,
ssl_bad_method,
ssl2_default_timeout,
&ssl3_undef_enc_method,
+ ssl_undefined_function,
+ ssl2_callback_ctrl, /* local */
+ ssl2_ctx_callback_ctrl, /* local */
};
static long ssl2_default_timeout(void)
};
static long ssl2_default_timeout(void)
@@
-221,20
+260,26
@@
SSL_CIPHER *ssl2_get_cipher(unsigned int u)
int ssl2_pending(SSL *s)
{
int ssl2_pending(SSL *s)
{
- return
(s->s2->ract_data_length)
;
+ return
SSL_in_init(s) ? 0 : s->s2->ract_data_length
;
}
int ssl2_new(SSL *s)
{
}
int ssl2_new(SSL *s)
{
- SSL2_
CTX
*s2;
+ SSL2_
STATE
*s2;
- if ((s2=
(SSL2_CTX *)Malloc(sizeof(SSL2_CTX)
)) == NULL) goto err;
- memset(s2,0,sizeof
(SSL2_CTX)
);
+ if ((s2=
OPENSSL_malloc(sizeof *s2
)) == NULL) goto err;
+ memset(s2,0,sizeof
*s2
);
- if ((s2->rbuf=(unsigned char *)Malloc(
- SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2)) == NULL) goto err;
- if ((s2->wbuf=(unsigned char *)Malloc(
+#if SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER + 3 > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + 2
+# error "assertion failed"
+#endif
+
+ if ((s2->rbuf=OPENSSL_malloc(
SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2)) == NULL) goto err;
SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2)) == NULL) goto err;
+ /* wbuf needs one byte more because when using two-byte headers,
+ * we leave the first byte unused in do_ssl_write (s2_pkt.c) */
+ if ((s2->wbuf=OPENSSL_malloc(
+ SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+3)) == NULL) goto err;
s->s2=s2;
ssl2_clear(s);
s->s2=s2;
ssl2_clear(s);
@@
-242,31
+287,31
@@
int ssl2_new(SSL *s)
err:
if (s2 != NULL)
{
err:
if (s2 != NULL)
{
- if (s2->wbuf != NULL)
F
ree(s2->wbuf);
- if (s2->rbuf != NULL)
F
ree(s2->rbuf);
-
F
ree(s2);
+ if (s2->wbuf != NULL)
OPENSSL_f
ree(s2->wbuf);
+ if (s2->rbuf != NULL)
OPENSSL_f
ree(s2->rbuf);
+
OPENSSL_f
ree(s2);
}
return(0);
}
void ssl2_free(SSL *s)
{
}
return(0);
}
void ssl2_free(SSL *s)
{
- SSL2_
CTX
*s2;
+ SSL2_
STATE
*s2;
if(s == NULL)
return;
s2=s->s2;
if(s == NULL)
return;
s2=s->s2;
- if (s2->rbuf != NULL)
F
ree(s2->rbuf);
- if (s2->wbuf != NULL)
F
ree(s2->wbuf);
- memset(s2,0,sizeof
(SSL2_CTX)
);
-
F
ree(s2);
+ if (s2->rbuf != NULL)
OPENSSL_f
ree(s2->rbuf);
+ if (s2->wbuf != NULL)
OPENSSL_f
ree(s2->wbuf);
+ memset(s2,0,sizeof
*s2
);
+
OPENSSL_f
ree(s2);
s->s2=NULL;
}
void ssl2_clear(SSL *s)
{
s->s2=NULL;
}
void ssl2_clear(SSL *s)
{
- SSL2_
CTX
*s2;
+ SSL2_
STATE
*s2;
unsigned char *rbuf,*wbuf;
s2=s->s2;
unsigned char *rbuf,*wbuf;
s2=s->s2;
@@
-274,7
+319,7
@@
void ssl2_clear(SSL *s)
rbuf=s2->rbuf;
wbuf=s2->wbuf;
rbuf=s2->rbuf;
wbuf=s2->wbuf;
- memset(s2,0,sizeof
(SSL2_CTX)
);
+ memset(s2,0,sizeof
*s2
);
s2->rbuf=rbuf;
s2->wbuf=wbuf;
s2->rbuf=rbuf;
s2->wbuf=wbuf;
@@
-299,11
+344,21
@@
long ssl2_ctrl(SSL *s, int cmd, long larg, char *parg)
return(ret);
}
return(ret);
}
+long ssl2_callback_ctrl(SSL *s, int cmd, void (*fp)())
+ {
+ return(0);
+ }
+
long ssl2_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg)
{
return(0);
}
long ssl2_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg)
{
return(0);
}
+long ssl2_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)())
+ {
+ return(0);
+ }
+
/* This function needs to check if the ciphers required are actually
* available */
SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p)
/* This function needs to check if the ciphers required are actually
* available */
SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p)
@@
-316,7
+371,7
@@
SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p)
if (init)
{
if (init)
{
-
init=0
;
+
CRYPTO_w_lock(CRYPTO_LOCK_SSL)
;
for (i=0; i<SSL2_NUM_CIPHERS; i++)
sorted[i]= &(ssl2_ciphers[i]);
for (i=0; i<SSL2_NUM_CIPHERS; i++)
sorted[i]= &(ssl2_ciphers[i]);
@@
-324,6
+379,9
@@
SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p)
qsort( (char *)sorted,
SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER *),
FP_ICC ssl_cipher_ptr_id_cmp);
qsort( (char *)sorted,
SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER *),
FP_ICC ssl_cipher_ptr_id_cmp);
+
+ CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
+ init=0;
}
id=0x02000000L|((unsigned long)p[0]<<16L)|
}
id=0x02000000L|((unsigned long)p[0]<<16L)|
@@
-332,7
+390,7
@@
SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p)
cpp=(SSL_CIPHER **)OBJ_bsearch((char *)&cp,
(char *)sorted,
SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER *),
cpp=(SSL_CIPHER **)OBJ_bsearch((char *)&cp,
(char *)sorted,
SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER *),
-
(int (*)())
ssl_cipher_ptr_id_cmp);
+
FP_ICC
ssl_cipher_ptr_id_cmp);
if ((cpp == NULL) || !(*cpp)->valid)
return(NULL);
else
if ((cpp == NULL) || !(*cpp)->valid)
return(NULL);
else
@@
-361,13
+419,18
@@
void ssl2_generate_key_material(SSL *s)
unsigned char *km;
unsigned char c='0';
unsigned char *km;
unsigned char c='0';
+#ifdef CHARSET_EBCDIC
+ c = os_toascii['0']; /* Must be an ASCII '0', not EBCDIC '0',
+ see SSLv2 docu */
+#endif
+
km=s->s2->key_material;
for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH)
{
MD5_Init(&ctx);
MD5_Update(&ctx,s->session->master_key,s->session->master_key_length);
km=s->s2->key_material;
for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH)
{
MD5_Init(&ctx);
MD5_Update(&ctx,s->session->master_key,s->session->master_key_length);
- MD5_Update(&ctx,
(unsigned char *)
&c,1);
+ MD5_Update(&ctx,&c,1);
c++;
MD5_Update(&ctx,s->s2->challenge,s->s2->challenge_length);
MD5_Update(&ctx,s->s2->conn_id,s->s2->conn_id_length);
c++;
MD5_Update(&ctx,s->s2->challenge,s->s2->challenge_length);
MD5_Update(&ctx,s->s2->conn_id,s->s2->conn_id_length);
@@
-390,7
+453,7
@@
void ssl2_return_error(SSL *s, int err)
void ssl2_write_error(SSL *s)
{
void ssl2_write_error(SSL *s)
{
- char buf[3];
+
unsigned
char buf[3];
int i,error;
buf[0]=SSL2_MT_ERROR;
int i,error;
buf[0]=SSL2_MT_ERROR;
@@
-416,4
+479,10
@@
int ssl2_shutdown(SSL *s)
s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
return(1);
}
s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
return(1);
}
+#else /* !OPENSSL_NO_SSL2 */
+
+# if PEDANTIC
+static void *dummy=&dummy;
+# endif
+#endif