Home | History | Annotate | Download | only in ssl
      1 /* ssl/s2_lib.c */
      2 /* Copyright (C) 1995-1998 Eric Young (eay (at) cryptsoft.com)
      3  * All rights reserved.
      4  *
      5  * This package is an SSL implementation written
      6  * by Eric Young (eay (at) cryptsoft.com).
      7  * The implementation was written so as to conform with Netscapes SSL.
      8  *
      9  * This library is free for commercial and non-commercial use as long as
     10  * the following conditions are aheared to.  The following conditions
     11  * apply to all code found in this distribution, be it the RC4, RSA,
     12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
     13  * included with this distribution is covered by the same copyright terms
     14  * except that the holder is Tim Hudson (tjh (at) cryptsoft.com).
     15  *
     16  * Copyright remains Eric Young's, and as such any Copyright notices in
     17  * the code are not to be removed.
     18  * If this package is used in a product, Eric Young should be given attribution
     19  * as the author of the parts of the library used.
     20  * This can be in the form of a textual message at program startup or
     21  * in documentation (online or textual) provided with the package.
     22  *
     23  * Redistribution and use in source and binary forms, with or without
     24  * modification, are permitted provided that the following conditions
     25  * are met:
     26  * 1. Redistributions of source code must retain the copyright
     27  *    notice, this list of conditions and the following disclaimer.
     28  * 2. Redistributions in binary form must reproduce the above copyright
     29  *    notice, this list of conditions and the following disclaimer in the
     30  *    documentation and/or other materials provided with the distribution.
     31  * 3. All advertising materials mentioning features or use of this software
     32  *    must display the following acknowledgement:
     33  *    "This product includes cryptographic software written by
     34  *     Eric Young (eay (at) cryptsoft.com)"
     35  *    The word 'cryptographic' can be left out if the rouines from the library
     36  *    being used are not cryptographic related :-).
     37  * 4. If you include any Windows specific code (or a derivative thereof) from
     38  *    the apps directory (application code) you must include an acknowledgement:
     39  *    "This product includes software written by Tim Hudson (tjh (at) cryptsoft.com)"
     40  *
     41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
     42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
     44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
     45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
     46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
     47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
     48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
     49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
     50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     51  * SUCH DAMAGE.
     52  *
     53  * The licence and distribution terms for any publically available version or
     54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
     55  * copied and put under another distribution licence
     56  * [including the GNU Public Licence.]
     57  */
     58 /* ====================================================================
     59  * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
     60  *
     61  * Redistribution and use in source and binary forms, with or without
     62  * modification, are permitted provided that the following conditions
     63  * are met:
     64  *
     65  * 1. Redistributions of source code must retain the above copyright
     66  *    notice, this list of conditions and the following disclaimer.
     67  *
     68  * 2. Redistributions in binary form must reproduce the above copyright
     69  *    notice, this list of conditions and the following disclaimer in
     70  *    the documentation and/or other materials provided with the
     71  *    distribution.
     72  *
     73  * 3. All advertising materials mentioning features or use of this
     74  *    software must display the following acknowledgment:
     75  *    "This product includes software developed by the OpenSSL Project
     76  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
     77  *
     78  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
     79  *    endorse or promote products derived from this software without
     80  *    prior written permission. For written permission, please contact
     81  *    openssl-core (at) openssl.org.
     82  *
     83  * 5. Products derived from this software may not be called "OpenSSL"
     84  *    nor may "OpenSSL" appear in their names without prior written
     85  *    permission of the OpenSSL Project.
     86  *
     87  * 6. Redistributions of any form whatsoever must retain the following
     88  *    acknowledgment:
     89  *    "This product includes software developed by the OpenSSL Project
     90  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
     91  *
     92  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
     93  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     94  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
     95  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
     96  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
     97  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
     98  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
     99  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
    100  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
    101  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
    102  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
    103  * OF THE POSSIBILITY OF SUCH DAMAGE.
    104  * ====================================================================
    105  *
    106  * This product includes cryptographic software written by Eric Young
    107  * (eay (at) cryptsoft.com).  This product includes software written by Tim
    108  * Hudson (tjh (at) cryptsoft.com).
    109  *
    110  */
    111 
    112 #include "ssl_locl.h"
    113 #ifndef OPENSSL_NO_SSL2
    114 #include <stdio.h>
    115 #include <openssl/objects.h>
    116 #include <openssl/evp.h>
    117 #include <openssl/md5.h>
    118 
    119 const char ssl2_version_str[]="SSLv2" OPENSSL_VERSION_PTEXT;
    120 
    121 #define SSL2_NUM_CIPHERS (sizeof(ssl2_ciphers)/sizeof(SSL_CIPHER))
    122 
    123 /* list of available SSLv2 ciphers (sorted by id) */
    124 OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[]={
    125 #if 0
    126 /* NULL_WITH_MD5 v3 */
    127 	{
    128 	1,
    129 	SSL2_TXT_NULL_WITH_MD5,
    130 	SSL2_CK_NULL_WITH_MD5,
    131 	SSL_kRSA,
    132 	SSL_aRSA,
    133 	SSL_eNULL,
    134 	SSL_MD5,
    135 	SSL_SSLV2,
    136 	SSL_EXPORT|SSL_EXP40|SSL_STRONG_NONE,
    137 	0,
    138 	0,
    139 	0,
    140 	},
    141 #endif
    142 
    143 /* RC4_128_WITH_MD5 */
    144 	{
    145 	1,
    146 	SSL2_TXT_RC4_128_WITH_MD5,
    147 	SSL2_CK_RC4_128_WITH_MD5,
    148 	SSL_kRSA,
    149 	SSL_aRSA,
    150 	SSL_RC4,
    151 	SSL_MD5,
    152 	SSL_SSLV2,
    153 	SSL_NOT_EXP|SSL_MEDIUM,
    154 	0,
    155 	128,
    156 	128,
    157 	},
    158 
    159 /* RC4_128_EXPORT40_WITH_MD5 */
    160 	{
    161 	1,
    162 	SSL2_TXT_RC4_128_EXPORT40_WITH_MD5,
    163 	SSL2_CK_RC4_128_EXPORT40_WITH_MD5,
    164 	SSL_kRSA,
    165 	SSL_aRSA,
    166 	SSL_RC4,
    167 	SSL_MD5,
    168 	SSL_SSLV2,
    169 	SSL_EXPORT|SSL_EXP40,
    170 	SSL2_CF_5_BYTE_ENC,
    171 	40,
    172 	128,
    173 	},
    174 
    175 /* RC2_128_CBC_WITH_MD5 */
    176 	{
    177 	1,
    178 	SSL2_TXT_RC2_128_CBC_WITH_MD5,
    179 	SSL2_CK_RC2_128_CBC_WITH_MD5,
    180 	SSL_kRSA,
    181 	SSL_aRSA,
    182 	SSL_RC2,
    183 	SSL_MD5,
    184 	SSL_SSLV2,
    185 	SSL_NOT_EXP|SSL_MEDIUM,
    186 	0,
    187 	128,
    188 	128,
    189 	},
    190 
    191 /* RC2_128_CBC_EXPORT40_WITH_MD5 */
    192 	{
    193 	1,
    194 	SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5,
    195 	SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5,
    196 	SSL_kRSA,
    197 	SSL_aRSA,
    198 	SSL_RC2,
    199 	SSL_MD5,
    200 	SSL_SSLV2,
    201 	SSL_EXPORT|SSL_EXP40,
    202 	SSL2_CF_5_BYTE_ENC,
    203 	40,
    204 	128,
    205 	},
    206 
    207 #ifndef OPENSSL_NO_IDEA
    208 /* IDEA_128_CBC_WITH_MD5 */
    209 	{
    210 	1,
    211 	SSL2_TXT_IDEA_128_CBC_WITH_MD5,
    212 	SSL2_CK_IDEA_128_CBC_WITH_MD5,
    213 	SSL_kRSA,
    214 	SSL_aRSA,
    215 	SSL_IDEA,
    216 	SSL_MD5,
    217 	SSL_SSLV2,
    218 	SSL_NOT_EXP|SSL_MEDIUM,
    219 	0,
    220 	128,
    221 	128,
    222 	},
    223 #endif
    224 
    225 /* DES_64_CBC_WITH_MD5 */
    226 	{
    227 	1,
    228 	SSL2_TXT_DES_64_CBC_WITH_MD5,
    229 	SSL2_CK_DES_64_CBC_WITH_MD5,
    230 	SSL_kRSA,
    231 	SSL_aRSA,
    232 	SSL_DES,
    233 	SSL_MD5,
    234 	SSL_SSLV2,
    235 	SSL_NOT_EXP|SSL_LOW,
    236 	0,
    237 	56,
    238 	56,
    239 	},
    240 
    241 /* DES_192_EDE3_CBC_WITH_MD5 */
    242 	{
    243 	1,
    244 	SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5,
    245 	SSL2_CK_DES_192_EDE3_CBC_WITH_MD5,
    246 	SSL_kRSA,
    247 	SSL_aRSA,
    248 	SSL_3DES,
    249 	SSL_MD5,
    250 	SSL_SSLV2,
    251 	SSL_NOT_EXP|SSL_HIGH,
    252 	0,
    253 	112,
    254 	168,
    255 	},
    256 
    257 #if 0
    258 /* RC4_64_WITH_MD5 */
    259 	{
    260 	1,
    261 	SSL2_TXT_RC4_64_WITH_MD5,
    262 	SSL2_CK_RC4_64_WITH_MD5,
    263 	SSL_kRSA,
    264 	SSL_aRSA,
    265 	SSL_RC4,
    266 	SSL_MD5,
    267 	SSL_SSLV2,
    268 	SSL_NOT_EXP|SSL_LOW,
    269 	SSL2_CF_8_BYTE_ENC,
    270 	64,
    271 	64,
    272 	},
    273 #endif
    274 
    275 #if 0
    276 /* NULL SSLeay (testing) */
    277 	{
    278 	0,
    279 	SSL2_TXT_NULL,
    280 	SSL2_CK_NULL,
    281 	0,
    282 	0,
    283 	0,
    284 	0,
    285 	SSL_SSLV2,
    286 	SSL_STRONG_NONE,
    287 	0,
    288 	0,
    289 	0,
    290 	},
    291 #endif
    292 
    293 /* end of list :-) */
    294 	};
    295 
    296 long ssl2_default_timeout(void)
    297 	{
    298 	return(300);
    299 	}
    300 
    301 int ssl2_num_ciphers(void)
    302 	{
    303 	return(SSL2_NUM_CIPHERS);
    304 	}
    305 
    306 const SSL_CIPHER *ssl2_get_cipher(unsigned int u)
    307 	{
    308 	if (u < SSL2_NUM_CIPHERS)
    309 		return(&(ssl2_ciphers[SSL2_NUM_CIPHERS-1-u]));
    310 	else
    311 		return(NULL);
    312 	}
    313 
    314 int ssl2_pending(const SSL *s)
    315 	{
    316 	return SSL_in_init(s) ? 0 : s->s2->ract_data_length;
    317 	}
    318 
    319 int ssl2_new(SSL *s)
    320 	{
    321 	SSL2_STATE *s2;
    322 
    323 	if ((s2=OPENSSL_malloc(sizeof *s2)) == NULL) goto err;
    324 	memset(s2,0,sizeof *s2);
    325 
    326 #if SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER + 3 > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + 2
    327 #  error "assertion failed"
    328 #endif
    329 
    330 	if ((s2->rbuf=OPENSSL_malloc(
    331 		SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2)) == NULL) goto err;
    332 	/* wbuf needs one byte more because when using two-byte headers,
    333 	 * we leave the first byte unused in do_ssl_write (s2_pkt.c) */
    334 	if ((s2->wbuf=OPENSSL_malloc(
    335 		SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+3)) == NULL) goto err;
    336 	s->s2=s2;
    337 
    338 	ssl2_clear(s);
    339 	return(1);
    340 err:
    341 	if (s2 != NULL)
    342 		{
    343 		if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf);
    344 		if (s2->rbuf != NULL) OPENSSL_free(s2->rbuf);
    345 		OPENSSL_free(s2);
    346 		}
    347 	return(0);
    348 	}
    349 
    350 void ssl2_free(SSL *s)
    351 	{
    352 	SSL2_STATE *s2;
    353 
    354 	if(s == NULL)
    355 	    return;
    356 
    357 	s2=s->s2;
    358 	if (s2->rbuf != NULL) OPENSSL_free(s2->rbuf);
    359 	if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf);
    360 	OPENSSL_cleanse(s2,sizeof *s2);
    361 	OPENSSL_free(s2);
    362 	s->s2=NULL;
    363 	}
    364 
    365 void ssl2_clear(SSL *s)
    366 	{
    367 	SSL2_STATE *s2;
    368 	unsigned char *rbuf,*wbuf;
    369 
    370 	s2=s->s2;
    371 
    372 	rbuf=s2->rbuf;
    373 	wbuf=s2->wbuf;
    374 
    375 	memset(s2,0,sizeof *s2);
    376 
    377 	s2->rbuf=rbuf;
    378 	s2->wbuf=wbuf;
    379 	s2->clear_text=1;
    380 	s->packet=s2->rbuf;
    381 	s->version=SSL2_VERSION;
    382 	s->packet_length=0;
    383 	}
    384 
    385 long ssl2_ctrl(SSL *s, int cmd, long larg, void *parg)
    386 	{
    387 	int ret=0;
    388 
    389 	switch(cmd)
    390 		{
    391 	case SSL_CTRL_GET_SESSION_REUSED:
    392 		ret=s->hit;
    393 		break;
    394 	case SSL_CTRL_CHECK_PROTO_VERSION:
    395 		return ssl3_ctrl(s, SSL_CTRL_CHECK_PROTO_VERSION, larg, parg);
    396 	default:
    397 		break;
    398 		}
    399 	return(ret);
    400 	}
    401 
    402 long ssl2_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
    403 	{
    404 	return(0);
    405 	}
    406 
    407 long ssl2_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
    408 	{
    409 	return(0);
    410 	}
    411 
    412 long ssl2_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
    413 	{
    414 	return(0);
    415 	}
    416 
    417 /* This function needs to check if the ciphers required are actually
    418  * available */
    419 const SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p)
    420 	{
    421 	SSL_CIPHER c;
    422 	const SSL_CIPHER *cp;
    423 	unsigned long id;
    424 
    425 	id=0x02000000L|((unsigned long)p[0]<<16L)|
    426 		((unsigned long)p[1]<<8L)|(unsigned long)p[2];
    427 	c.id=id;
    428 	cp = OBJ_bsearch_ssl_cipher_id(&c, ssl2_ciphers, SSL2_NUM_CIPHERS);
    429 	if ((cp == NULL) || (cp->valid == 0))
    430 		return NULL;
    431 	else
    432 		return cp;
    433 	}
    434 
    435 int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
    436 	{
    437 	long l;
    438 
    439 	if (p != NULL)
    440 		{
    441 		l=c->id;
    442 		if ((l & 0xff000000) != 0x02000000 && l != SSL3_CK_FALLBACK_SCSV) return(0);
    443 		p[0]=((unsigned char)(l>>16L))&0xFF;
    444 		p[1]=((unsigned char)(l>> 8L))&0xFF;
    445 		p[2]=((unsigned char)(l     ))&0xFF;
    446 		}
    447 	return(3);
    448 	}
    449 
    450 int ssl2_generate_key_material(SSL *s)
    451 	{
    452 	unsigned int i;
    453 	EVP_MD_CTX ctx;
    454 	unsigned char *km;
    455 	unsigned char c='0';
    456 	const EVP_MD *md5;
    457 	int md_size;
    458 
    459 	md5 = EVP_md5();
    460 
    461 #ifdef CHARSET_EBCDIC
    462 	c = os_toascii['0']; /* Must be an ASCII '0', not EBCDIC '0',
    463 				see SSLv2 docu */
    464 #endif
    465 	EVP_MD_CTX_init(&ctx);
    466 	km=s->s2->key_material;
    467 
    468  	if (s->session->master_key_length < 0 ||
    469 			s->session->master_key_length > (int)sizeof(s->session->master_key))
    470  		{
    471  		SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR);
    472  		return 0;
    473  		}
    474 	md_size = EVP_MD_size(md5);
    475 	if (md_size < 0)
    476 	    return 0;
    477 	for (i=0; i<s->s2->key_material_length; i += md_size)
    478 		{
    479 		if (((km - s->s2->key_material) + md_size) >
    480 				(int)sizeof(s->s2->key_material))
    481 			{
    482 			/* EVP_DigestFinal_ex() below would write beyond buffer */
    483 			SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR);
    484 			return 0;
    485 			}
    486 
    487 		EVP_DigestInit_ex(&ctx, md5, NULL);
    488 
    489 		OPENSSL_assert(s->session->master_key_length >= 0
    490 		    && s->session->master_key_length
    491 		    < (int)sizeof(s->session->master_key));
    492 		EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length);
    493 		EVP_DigestUpdate(&ctx,&c,1);
    494 		c++;
    495 		EVP_DigestUpdate(&ctx,s->s2->challenge,s->s2->challenge_length);
    496 		EVP_DigestUpdate(&ctx,s->s2->conn_id,s->s2->conn_id_length);
    497 		EVP_DigestFinal_ex(&ctx,km,NULL);
    498 		km += md_size;
    499 		}
    500 
    501 	EVP_MD_CTX_cleanup(&ctx);
    502 	return 1;
    503 	}
    504 
    505 void ssl2_return_error(SSL *s, int err)
    506 	{
    507 	if (!s->error)
    508 		{
    509 		s->error=3;
    510 		s->error_code=err;
    511 
    512 		ssl2_write_error(s);
    513 		}
    514 	}
    515 
    516 
    517 void ssl2_write_error(SSL *s)
    518 	{
    519 	unsigned char buf[3];
    520 	int i,error;
    521 
    522 	buf[0]=SSL2_MT_ERROR;
    523 	buf[1]=(s->error_code>>8)&0xff;
    524 	buf[2]=(s->error_code)&0xff;
    525 
    526 /*	state=s->rwstate;*/
    527 
    528 	error=s->error; /* number of bytes left to write */
    529 	s->error=0;
    530 	OPENSSL_assert(error >= 0 && error <= (int)sizeof(buf));
    531 	i=ssl2_write(s,&(buf[3-error]),error);
    532 
    533 /*	if (i == error) s->rwstate=state; */
    534 
    535 	if (i < 0)
    536 		s->error=error;
    537 	else
    538 		{
    539 		s->error=error-i;
    540 
    541 		if (s->error == 0)
    542 			if (s->msg_callback)
    543 				s->msg_callback(1, s->version, 0, buf, 3, s, s->msg_callback_arg); /* ERROR */
    544 		}
    545 	}
    546 
    547 int ssl2_shutdown(SSL *s)
    548 	{
    549 	s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
    550 	return(1);
    551 	}
    552 #else /* !OPENSSL_NO_SSL2 */
    553 
    554 # if PEDANTIC
    555 static void *dummy=&dummy;
    556 # endif
    557 
    558 #endif
    559