#include "ssl_locl.h"
#ifndef OPENSSL_NO_SSL2
#include <stdio.h>
-#include <openssl/rsa.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/md5.h>
-#include "cryptlib.h"
static long ssl2_default_timeout(void );
const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT;
SSL_ALL_STRENGTHS,
},
/* IDEA_128_CBC_WITH_MD5 */
+#ifndef OPENSSL_NO_IDEA
{
1,
SSL2_TXT_IDEA_128_CBC_WITH_MD5,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
+#endif
/* DES_64_CBC_WITH_MD5 */
{
1,
ssl2_shutdown,
ssl_ok, /* NULL - renegotiate */
ssl_ok, /* NULL - check renegotiate */
+ NULL, /* NULL - ssl_get_message */
+ NULL, /* NULL - ssl_get_record */
+ NULL, /* NULL - ssl_write_bytes */
+ NULL, /* NULL - dispatch_alert */
ssl2_ctrl, /* local */
ssl2_ctx_ctrl, /* local */
ssl2_get_cipher_by_char,
ssl_bad_method,
ssl2_default_timeout,
&ssl3_undef_enc_method,
- ssl_undefined_function,
+ ssl_undefined_void_function,
ssl2_callback_ctrl, /* local */
ssl2_ctx_callback_ctrl, /* local */
};
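Review bot: The four slots added at the `NULL, /* NULL - ssl_get_message */` lines are literal null function pointers, whereas the neighbouring unused slots in this table use named stubs (`ssl_bad_method`, `ssl_undefined_void_function`) that presumably fail in a controlled way. Any shared code path that calls through one of these members on an SSLv2 method without a null check would dereference NULL; whether such a path exists is not visible from this hunk. I would either point them at an error-returning stub of the matching signature or add a comment such as `/* never called for SSLv2; callers must check for NULL */`. The table's opening lines are outside the hunk.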
return(NULL);
}
-int ssl2_pending(SSL *s)
+int ssl2_pending(const SSL *s)
{
return SSL_in_init(s) ? 0 : s->s2->ract_data_length;
}
s2=s->s2;
if (s2->rbuf != NULL) OPENSSL_free(s2->rbuf);
if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf);
- memset(s2,0,sizeof *s2);
+ OPENSSL_cleanse(s2,sizeof *s2);
OPENSSL_free(s2);
s->s2=NULL;
}
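Review bot: `rbuf` and `wbuf` are still released with plain `OPENSSL_free()` just above the new `OPENSSL_cleanse(s2,sizeof *s2)`, so only the state struct is wiped. If those buffers hold record plaintext (likely, but not visible here), they should be cleansed over their allocated length before being freed; the allocation size is set outside this hunk. A short comment on the cleanse line, e.g. `/* wipe key material; a memset before free may be optimised away */`, would also record why memset was replaced. The function's start is outside the hunk.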
return(ret);
}
-long ssl2_callback_ctrl(SSL *s, int cmd, void (*fp)())
+long ssl2_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
{
return(0);
}
return(0);
}
-long ssl2_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)())
+long ssl2_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
{
return(0);
}
static SSL_CIPHER *sorted[SSL2_NUM_CIPHERS];
SSL_CIPHER c,*cp= &c,**cpp;
unsigned long id;
- int i;
+ unsigned int i;
if (init)
{
CRYPTO_w_lock(CRYPTO_LOCK_SSL);
- for (i=0; i<SSL2_NUM_CIPHERS; i++)
- sorted[i]= &(ssl2_ciphers[i]);
+ if (init)
+ {
+ for (i=0; i<SSL2_NUM_CIPHERS; i++)
+ sorted[i]= &(ssl2_ciphers[i]);
- qsort( (char *)sorted,
- SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER *),
- FP_ICC ssl_cipher_ptr_id_cmp);
+ qsort((char *)sorted,
+ SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER *),
+ FP_ICC ssl_cipher_ptr_id_cmp);
+ init=0;
+ }
+
CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
- init=0;
}
id=0x02000000L|((unsigned long)p[0]<<16L)|
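Review bot: The outer `if (init)` is still read without holding `CRYPTO_LOCK_SSL`, so this is double-checked locking on a plain flag. The inner re-check stops two threads from sorting at once, but a thread that sees `init` as 0 without taking the lock has no ordering guarantee that the writes to `sorted[]` are visible to it; how `init` is declared is outside the hunk, so this is hedged. At minimum the inner test deserves a comment such as `/* re-check under the lock: another thread may have finished while we waited */`; taking the lock unconditionally would remove the unlocked read. The function begins and continues outside this hunk.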
return(3);
}
-void ssl2_generate_key_material(SSL *s)
+int ssl2_generate_key_material(SSL *s)
{
unsigned int i;
EVP_MD_CTX ctx;
unsigned char *km;
unsigned char c='0';
+ const EVP_MD *md5;
+
+ md5 = EVP_md5();
#ifdef CHARSET_EBCDIC
c = os_toascii['0']; /* Must be an ASCII '0', not EBCDIC '0',
#endif
EVP_MD_CTX_init(&ctx);
km=s->s2->key_material;
- die(s->s2->key_material_length <= sizeof s->s2->key_material);
- for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH)
+
+ if (s->session->master_key_length < 0 ||
+ s->session->master_key_length > (int)sizeof(s->session->master_key))
+ {
+ SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+
+ for (i=0; i<s->s2->key_material_length; i += EVP_MD_size(md5))
{
- EVP_DigestInit_ex(&ctx,EVP_md5(), NULL);
+ if (((km - s->s2->key_material) + EVP_MD_size(md5)) >
+ (int)sizeof(s->s2->key_material))
+ {
+ /* EVP_DigestFinal_ex() below would write beyond buffer */
+ SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+
+ EVP_DigestInit_ex(&ctx, md5, NULL);
- die(s->session->master_key_length >= 0
+ OPENSSL_assert(s->session->master_key_length >= 0
&& s->session->master_key_length
- < sizeof s->session->master_key);
+ < (int)sizeof(s->session->master_key));
EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length);
EVP_DigestUpdate(&ctx,&c,1);
c++;
EVP_DigestUpdate(&ctx,s->s2->challenge,s->s2->challenge_length);
EVP_DigestUpdate(&ctx,s->s2->conn_id,s->s2->conn_id_length);
EVP_DigestFinal_ex(&ctx,km,NULL);
- km+=MD5_DIGEST_LENGTH;
+ km += EVP_MD_size(md5);
}
+
EVP_MD_CTX_cleanup(&ctx);
+ return 1;
}
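Review bot: Both new `return 0;` paths leave after `EVP_MD_CTX_init(&ctx)` without reaching `EVP_MD_CTX_cleanup(&ctx)`, and the one inside the loop can fire after an earlier iteration has already hashed the master key, so any digest state held by `ctx` is never released or wiped. Adding `EVP_MD_CTX_cleanup(&ctx);` before each `return 0;` (or moving the master-key length check above the init) would fix it. The new range check also accepts `master_key_length == sizeof(master_key)` while the retained `OPENSSL_assert` requires `<`, so that boundary value passes the check and then aborts the process; the two should use the same bound. The `EVP_Digest*` return values are unchecked, and callers outside this hunk need to act on the new `int` result for the change to have any effect.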
void ssl2_return_error(SSL *s, int err)
buf[2]=(s->error_code)&0xff;
/* state=s->rwstate;*/
- error=s->error;
+
+ error=s->error; /* number of bytes left to write */
s->error=0;
- die(error >= 0 && error <= 3);
+ OPENSSL_assert(error >= 0 && error <= (int)sizeof(buf));
i=ssl2_write(s,&(buf[3-error]),error);
+
/* if (i == error) s->rwstate=state; */
if (i < 0)