1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/os/ossrv/ssl/libssl/src/s2_lib.c Fri Jun 15 03:10:57 2012 +0200
1.3 @@ -0,0 +1,511 @@
1.4 +/* ssl/s2_lib.c */
1.5 +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
1.6 + * All rights reserved.
1.7 + *
1.8 + * This package is an SSL implementation written
1.9 + * by Eric Young (eay@cryptsoft.com).
1.10 + * The implementation was written so as to conform with Netscapes SSL.
1.11 + *
1.12 + * This library is free for commercial and non-commercial use as long as
1.13 + * the following conditions are aheared to. The following conditions
1.14 + * apply to all code found in this distribution, be it the RC4, RSA,
1.15 + * lhash, DES, etc., code; not just the SSL code. The SSL documentation
1.16 + * included with this distribution is covered by the same copyright terms
1.17 + * except that the holder is Tim Hudson (tjh@cryptsoft.com).
1.18 + *
1.19 + * Copyright remains Eric Young's, and as such any Copyright notices in
1.20 + * the code are not to be removed.
1.21 + * If this package is used in a product, Eric Young should be given attribution
1.22 + * as the author of the parts of the library used.
1.23 + * This can be in the form of a textual message at program startup or
1.24 + * in documentation (online or textual) provided with the package.
1.25 + *
1.26 + * Redistribution and use in source and binary forms, with or without
1.27 + * modification, are permitted provided that the following conditions
1.28 + * are met:
1.29 + * 1. Redistributions of source code must retain the copyright
1.30 + * notice, this list of conditions and the following disclaimer.
1.31 + * 2. Redistributions in binary form must reproduce the above copyright
1.32 + * notice, this list of conditions and the following disclaimer in the
1.33 + * documentation and/or other materials provided with the distribution.
1.34 + * 3. All advertising materials mentioning features or use of this software
1.35 + * must display the following acknowledgement:
1.36 + * "This product includes cryptographic software written by
1.37 + * Eric Young (eay@cryptsoft.com)"
1.38 + * The word 'cryptographic' can be left out if the rouines from the library
1.39 + * being used are not cryptographic related :-).
1.40 + * 4. If you include any Windows specific code (or a derivative thereof) from
1.41 + * the apps directory (application code) you must include an acknowledgement:
1.42 + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
1.43 + *
1.44 + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
1.45 + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
1.46 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
1.47 + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
1.48 + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
1.49 + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
1.50 + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
1.51 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
1.52 + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
1.53 + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
1.54 + * SUCH DAMAGE.
1.55 + *
1.56 + * The licence and distribution terms for any publically available version or
1.57 + * derivative of this code cannot be changed. i.e. this code cannot simply be
1.58 + * copied and put under another distribution licence
1.59 + * [including the GNU Public Licence.]
1.60 + */
1.61 +/*
1.62 + © Portions copyright (c) 2006 Nokia Corporation. All rights reserved.
1.63 + */
1.64 +
1.65 +#include "ssl_locl.h"
1.66 +#ifndef OPENSSL_NO_SSL2
1.67 +#include <stdio.h>
1.68 +#include <openssl/objects.h>
1.69 +#include <openssl/evp.h>
1.70 +#include <openssl/md5.h>
1.71 +
1.72 +#if (defined(SYMBIAN) && (defined(__WINSCW__) || defined(__WINS__)))
1.73 +#include "libssl_wsd.h"
1.74 +#endif
1.75 +
1.76 +#ifdef EMULATOR
1.77 +
1.78 + GET_STATIC_VAR_FROM_TLS(sslv2_base_method_data,s2_lib,SSL_METHOD)
1.79 +
1.80 + #define sslv2_base_method_data (*GET_WSD_VAR_NAME(sslv2_base_method_data,s2_lib,s)())
1.81 +
1.82 +#endif
1.83 +
1.84 +const char ssl2_version_str[]="SSLv2" OPENSSL_VERSION_PTEXT;
1.85 +
1.86 +#ifndef EMULATOR
1.87 +#define SSL2_NUM_CIPHERS (sizeof(ssl2_ciphers)/sizeof(SSL_CIPHER))
1.88 +/* #else */
1.89 +/* #define SSL2_NUM_CIPHERS 10 Defined in libssl_wsd.h */
1.90 +#endif
1.91 +
1.92 +/* list of available SSLv2 ciphers (sorted by id) */
1.93 +
1.94 +
1.95 +#ifdef EMULATOR
1.96 +
1.97 + GET_GLOBAL_ARRAY_FROM_TLS(ssl2_ciphers,s2_lib,SSL_CIPHER)
1.98 +
1.99 + #define ssl2_ciphers (GET_WSD_VAR_NAME(ssl2_ciphers,s2_lib,g)())
1.100 +
1.101 +#endif
1.102 +
1.103 +#ifndef EMULATOR
1.104 +OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
1.105 +#else
1.106 +OPENSSL_GLOBAL const SSL_CIPHER temp_ssl2_ciphers[]={
1.107 +#endif
1.108 +/* NULL_WITH_MD5 v3 */
1.109 +#if 0
1.110 + {
1.111 + 1,
1.112 + SSL2_TXT_NULL_WITH_MD5,
1.113 + SSL2_CK_NULL_WITH_MD5,
1.114 + SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_MD5|SSL_SSLV2,
1.115 + SSL_EXPORT|SSL_EXP40|SSL_STRONG_NONE,
1.116 + 0,
1.117 + 0,
1.118 + 0,
1.119 + SSL_ALL_CIPHERS,
1.120 + SSL_ALL_STRENGTHS,
1.121 + },
1.122 +#endif
1.123 +/* RC4_128_WITH_MD5 */
1.124 + {
1.125 + 1,
1.126 + SSL2_TXT_RC4_128_WITH_MD5,
1.127 + SSL2_CK_RC4_128_WITH_MD5,
1.128 + SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2,
1.129 + SSL_NOT_EXP|SSL_MEDIUM,
1.130 + 0,
1.131 + 128,
1.132 + 128,
1.133 + SSL_ALL_CIPHERS,
1.134 + SSL_ALL_STRENGTHS,
1.135 + },
1.136 +/* RC4_128_EXPORT40_WITH_MD5 */
1.137 + {
1.138 + 1,
1.139 + SSL2_TXT_RC4_128_EXPORT40_WITH_MD5,
1.140 + SSL2_CK_RC4_128_EXPORT40_WITH_MD5,
1.141 + SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2,
1.142 + SSL_EXPORT|SSL_EXP40,
1.143 + SSL2_CF_5_BYTE_ENC,
1.144 + 40,
1.145 + 128,
1.146 + SSL_ALL_CIPHERS,
1.147 + SSL_ALL_STRENGTHS,
1.148 + },
1.149 +/* RC2_128_CBC_WITH_MD5 */
1.150 + {
1.151 + 1,
1.152 + SSL2_TXT_RC2_128_CBC_WITH_MD5,
1.153 + SSL2_CK_RC2_128_CBC_WITH_MD5,
1.154 + SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_SSLV2,
1.155 + SSL_NOT_EXP|SSL_MEDIUM,
1.156 + 0,
1.157 + 128,
1.158 + 128,
1.159 + SSL_ALL_CIPHERS,
1.160 + SSL_ALL_STRENGTHS,
1.161 + },
1.162 +/* RC2_128_CBC_EXPORT40_WITH_MD5 */
1.163 + {
1.164 + 1,
1.165 + SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5,
1.166 + SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5,
1.167 + SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_SSLV2,
1.168 + SSL_EXPORT|SSL_EXP40,
1.169 + SSL2_CF_5_BYTE_ENC,
1.170 + 40,
1.171 + 128,
1.172 + SSL_ALL_CIPHERS,
1.173 + SSL_ALL_STRENGTHS,
1.174 + },
1.175 +/* IDEA_128_CBC_WITH_MD5 */
1.176 +#ifndef OPENSSL_NO_IDEA
1.177 + {
1.178 + 1,
1.179 + SSL2_TXT_IDEA_128_CBC_WITH_MD5,
1.180 + SSL2_CK_IDEA_128_CBC_WITH_MD5,
1.181 + SSL_kRSA|SSL_aRSA|SSL_IDEA|SSL_MD5|SSL_SSLV2,
1.182 + SSL_NOT_EXP|SSL_MEDIUM,
1.183 + 0,
1.184 + 128,
1.185 + 128,
1.186 + SSL_ALL_CIPHERS,
1.187 + SSL_ALL_STRENGTHS,
1.188 + },
1.189 +#endif
1.190 +/* DES_64_CBC_WITH_MD5 */
1.191 + {
1.192 + 1,
1.193 + SSL2_TXT_DES_64_CBC_WITH_MD5,
1.194 + SSL2_CK_DES_64_CBC_WITH_MD5,
1.195 + SSL_kRSA|SSL_aRSA|SSL_DES|SSL_MD5|SSL_SSLV2,
1.196 + SSL_NOT_EXP|SSL_LOW,
1.197 + 0,
1.198 + 56,
1.199 + 56,
1.200 + SSL_ALL_CIPHERS,
1.201 + SSL_ALL_STRENGTHS,
1.202 + },
1.203 +/* DES_192_EDE3_CBC_WITH_MD5 */
1.204 + {
1.205 + 1,
1.206 + SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5,
1.207 + SSL2_CK_DES_192_EDE3_CBC_WITH_MD5,
1.208 + SSL_kRSA|SSL_aRSA|SSL_3DES|SSL_MD5|SSL_SSLV2,
1.209 + SSL_NOT_EXP|SSL_HIGH,
1.210 + 0,
1.211 + 168,
1.212 + 168,
1.213 + SSL_ALL_CIPHERS,
1.214 + SSL_ALL_STRENGTHS,
1.215 + },
1.216 +/* RC4_64_WITH_MD5 */
1.217 +#if 0
1.218 + {
1.219 + 1,
1.220 + SSL2_TXT_RC4_64_WITH_MD5,
1.221 + SSL2_CK_RC4_64_WITH_MD5,
1.222 + SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2,
1.223 + SSL_NOT_EXP|SSL_LOW,
1.224 + SSL2_CF_8_BYTE_ENC,
1.225 + 64,
1.226 + 64,
1.227 + SSL_ALL_CIPHERS,
1.228 + SSL_ALL_STRENGTHS,
1.229 + },
1.230 +#endif
1.231 +/* NULL SSLeay (testing) */
1.232 +#if 0
1.233 + {
1.234 + 0,
1.235 + SSL2_TXT_NULL,
1.236 + SSL2_CK_NULL,
1.237 + 0,
1.238 + SSL_STRONG_NONE,
1.239 + 0,
1.240 + 0,
1.241 + 0,
1.242 + SSL_ALL_CIPHERS,
1.243 + SSL_ALL_STRENGTHS,
1.244 + },
1.245 +#endif
1.246 +
1.247 +/* end of list :-) */
1.248 + };
1.249 +
1.250 +long ssl2_default_timeout(void)
1.251 + {
1.252 + return(300);
1.253 + }
1.254 +
1.255 +IMPLEMENT_ssl2_meth_func(sslv2_base_method,
1.256 + ssl_undefined_function,
1.257 + ssl_undefined_function,
1.258 + ssl_bad_method)
1.259 +
1.260 +int ssl2_num_ciphers(void)
1.261 + {
1.262 + return(SSL2_NUM_CIPHERS);
1.263 + }
1.264 +
1.265 +SSL_CIPHER *ssl2_get_cipher(unsigned int u)
1.266 + {
1.267 + if (u < SSL2_NUM_CIPHERS)
1.268 + return(&(ssl2_ciphers[SSL2_NUM_CIPHERS-1-u]));
1.269 + else
1.270 + return(NULL);
1.271 + }
1.272 +
1.273 +int ssl2_pending(const SSL *s)
1.274 + {
1.275 + return SSL_in_init(s) ? 0 : s->s2->ract_data_length;
1.276 + }
1.277 +
1.278 +int ssl2_new(SSL *s)
1.279 + {
1.280 + SSL2_STATE *s2;
1.281 +
1.282 + if ((s2=OPENSSL_malloc(sizeof *s2)) == NULL) goto err;
1.283 + memset(s2,0,sizeof *s2);
1.284 +
1.285 +#if SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER + 3 > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + 2
1.286 +# error "assertion failed"
1.287 +#endif
1.288 +
1.289 + if ((s2->rbuf=OPENSSL_malloc(
1.290 + SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2)) == NULL) goto err;
1.291 + /* wbuf needs one byte more because when using two-byte headers,
1.292 + * we leave the first byte unused in do_ssl_write (s2_pkt.c) */
1.293 + if ((s2->wbuf=OPENSSL_malloc(
1.294 + SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+3)) == NULL) goto err;
1.295 + s->s2=s2;
1.296 +
1.297 + ssl2_clear(s);
1.298 + return(1);
1.299 +err:
1.300 + if (s2 != NULL)
1.301 + {
1.302 + if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf);
1.303 + if (s2->rbuf != NULL) OPENSSL_free(s2->rbuf);
1.304 + OPENSSL_free(s2);
1.305 + }
1.306 + return(0);
1.307 + }
1.308 +
1.309 +void ssl2_free(SSL *s)
1.310 + {
1.311 + SSL2_STATE *s2;
1.312 +
1.313 + if(s == NULL)
1.314 + return;
1.315 +
1.316 + s2=s->s2;
1.317 + if (s2->rbuf != NULL) OPENSSL_free(s2->rbuf);
1.318 + if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf);
1.319 + OPENSSL_cleanse(s2,sizeof *s2);
1.320 + OPENSSL_free(s2);
1.321 + s->s2=NULL;
1.322 + }
1.323 +
1.324 +void ssl2_clear(SSL *s)
1.325 + {
1.326 + SSL2_STATE *s2;
1.327 + unsigned char *rbuf,*wbuf;
1.328 +
1.329 + s2=s->s2;
1.330 +
1.331 + rbuf=s2->rbuf;
1.332 + wbuf=s2->wbuf;
1.333 +
1.334 + memset(s2,0,sizeof *s2);
1.335 +
1.336 + s2->rbuf=rbuf;
1.337 + s2->wbuf=wbuf;
1.338 + s2->clear_text=1;
1.339 + s->packet=s2->rbuf;
1.340 + s->version=SSL2_VERSION;
1.341 + s->packet_length=0;
1.342 + }
1.343 +
1.344 +long ssl2_ctrl(SSL *s, int cmd, long larg, void *parg)
1.345 + {
1.346 + int ret=0;
1.347 +
1.348 + switch(cmd)
1.349 + {
1.350 + case SSL_CTRL_GET_SESSION_REUSED:
1.351 + ret=s->hit;
1.352 + break;
1.353 + default:
1.354 + break;
1.355 + }
1.356 + return(ret);
1.357 + }
1.358 +
1.359 +long ssl2_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
1.360 + {
1.361 + return(0);
1.362 + }
1.363 +
1.364 +long ssl2_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
1.365 + {
1.366 + return(0);
1.367 + }
1.368 +
1.369 +long ssl2_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
1.370 + {
1.371 + return(0);
1.372 + }
1.373 +
1.374 +/* This function needs to check if the ciphers required are actually
1.375 + * available */
1.376 +SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p)
1.377 + {
1.378 + SSL_CIPHER c,*cp;
1.379 + unsigned long id;
1.380 +
1.381 + id=0x02000000L|((unsigned long)p[0]<<16L)|
1.382 + ((unsigned long)p[1]<<8L)|(unsigned long)p[2];
1.383 + c.id=id;
1.384 + cp = (SSL_CIPHER *)OBJ_bsearch((char *)&c,
1.385 + (char *)ssl2_ciphers,
1.386 + SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER),
1.387 + FP_ICC ssl_cipher_id_cmp);
1.388 + if ((cp == NULL) || (cp->valid == 0))
1.389 + return NULL;
1.390 + else
1.391 + return cp;
1.392 + }
1.393 +
1.394 +int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
1.395 + {
1.396 + long l;
1.397 +
1.398 + if (p != NULL)
1.399 + {
1.400 + l=c->id;
1.401 + if ((l & 0xff000000) != 0x02000000) return(0);
1.402 + p[0]=((unsigned char)(l>>16L))&0xFF;
1.403 + p[1]=((unsigned char)(l>> 8L))&0xFF;
1.404 + p[2]=((unsigned char)(l ))&0xFF;
1.405 + }
1.406 + return(3);
1.407 + }
1.408 +
1.409 +int ssl2_generate_key_material(SSL *s)
1.410 + {
1.411 + unsigned int i;
1.412 + EVP_MD_CTX ctx;
1.413 + unsigned char *km;
1.414 + unsigned char c='0';
1.415 + const EVP_MD *md5;
1.416 +
1.417 + md5 = EVP_md5();
1.418 +
1.419 +#ifdef CHARSET_EBCDIC
1.420 + c = os_toascii['0']; /* Must be an ASCII '0', not EBCDIC '0',
1.421 + see SSLv2 docu */
1.422 +#endif
1.423 + EVP_MD_CTX_init(&ctx);
1.424 + km=s->s2->key_material;
1.425 +
1.426 + if (s->session->master_key_length < 0 ||
1.427 + s->session->master_key_length > (int)sizeof(s->session->master_key))
1.428 + {
1.429 + SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR);
1.430 + return 0;
1.431 + }
1.432 +
1.433 + for (i=0; i<s->s2->key_material_length; i += EVP_MD_size(md5))
1.434 + {
1.435 + if (((km - s->s2->key_material) + EVP_MD_size(md5)) >
1.436 + (int)sizeof(s->s2->key_material))
1.437 + {
1.438 + /* EVP_DigestFinal_ex() below would write beyond buffer */
1.439 + SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR);
1.440 + return 0;
1.441 + }
1.442 +
1.443 + EVP_DigestInit_ex(&ctx, md5, NULL);
1.444 +
1.445 + OPENSSL_assert(s->session->master_key_length >= 0
1.446 + && s->session->master_key_length
1.447 + < (int)sizeof(s->session->master_key));
1.448 + EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length);
1.449 + EVP_DigestUpdate(&ctx,&c,1);
1.450 + c++;
1.451 + EVP_DigestUpdate(&ctx,s->s2->challenge,s->s2->challenge_length);
1.452 + EVP_DigestUpdate(&ctx,s->s2->conn_id,s->s2->conn_id_length);
1.453 + EVP_DigestFinal_ex(&ctx,km,NULL);
1.454 + km += EVP_MD_size(md5);
1.455 + }
1.456 +
1.457 + EVP_MD_CTX_cleanup(&ctx);
1.458 + return 1;
1.459 + }
1.460 +
1.461 +void ssl2_return_error(SSL *s, int err)
1.462 + {
1.463 + if (!s->error)
1.464 + {
1.465 + s->error=3;
1.466 + s->error_code=err;
1.467 +
1.468 + ssl2_write_error(s);
1.469 + }
1.470 + }
1.471 +
1.472 +
1.473 +void ssl2_write_error(SSL *s)
1.474 + {
1.475 + unsigned char buf[3];
1.476 + int i,error;
1.477 +
1.478 + buf[0]=SSL2_MT_ERROR;
1.479 + buf[1]=(s->error_code>>8)&0xff;
1.480 + buf[2]=(s->error_code)&0xff;
1.481 +
1.482 +/* state=s->rwstate;*/
1.483 +
1.484 + error=s->error; /* number of bytes left to write */
1.485 + s->error=0;
1.486 + OPENSSL_assert(error >= 0 && error <= (int)sizeof(buf));
1.487 + i=ssl2_write(s,&(buf[3-error]),error);
1.488 +
1.489 +/* if (i == error) s->rwstate=state; */
1.490 +
1.491 + if (i < 0)
1.492 + s->error=error;
1.493 + else
1.494 + {
1.495 + s->error=error-i;
1.496 +
1.497 + if (s->error == 0)
1.498 + if (s->msg_callback)
1.499 + s->msg_callback(1, s->version, 0, buf, 3, s, s->msg_callback_arg); /* ERROR */
1.500 + }
1.501 + }
1.502 +
1.503 +int ssl2_shutdown(SSL *s)
1.504 + {
1.505 + s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
1.506 + return(1);
1.507 + }
1.508 +#else /* !OPENSSL_NO_SSL2 */
1.509 +
1.510 +# if PEDANTIC
1.511 +static void *dummy=&dummy;
1.512 +# endif
1.513 +
1.514 +#endif
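Review bot: In ssl2_generate_key_material the early `return 0;` inside the for loop (after the `km - s->s2->key_material` bound check) leaves `ctx` uncleaned, so the digest state allocated by `EVP_DigestInit_ex` in an earlier iteration is leaked; `EVP_MD_CTX_cleanup(&ctx); return 0;` (or one `goto err` label that cleans up) would close that path and, for consistency, the one after the master_key_length check as well. The two bounds on master_key_length also disagree at the boundary: the check above the loop rejects only lengths greater than `sizeof(s->session->master_key)`, while the `OPENSSL_assert` inside the loop requires strictly less, so a length exactly equal to the array size passes the soft check and then aborts the process — the two should use the same comparison, and the assert is re-evaluated every iteration for a value the loop never changes. The return values of `EVP_DigestInit_ex`/`EVP_DigestUpdate`/`EVP_DigestFinal_ex` are unchecked, so a digest failure silently yields whatever is left in key_material. Separately, ssl2_free dereferences `s->s2` without a NULL check even though ssl2_new assigns `s->s2` only after both buffers succeed; whether a caller can reach the free after a failed new is not visible here, but `if (s2 == NULL) return;` after `s2=s->s2;` is a cheap guard.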