diff options
author | markm <markm@FreeBSD.org> | 2003-01-28 21:43:22 +0000 |
---|---|---|
committer | markm <markm@FreeBSD.org> | 2003-01-28 21:43:22 +0000 |
commit | aad1d64cb5a8d9b503d9199642363dc1e92d2f9b (patch) | |
tree | 610a51c6e3965764fb0f1629c1376e2d23afffe8 /crypto/openssl/ssl/s2_lib.c | |
parent | eba366e36e93f5da8ae5c744eb337c3ef6872641 (diff) | |
download | FreeBSD-src-aad1d64cb5a8d9b503d9199642363dc1e92d2f9b.zip FreeBSD-src-aad1d64cb5a8d9b503d9199642363dc1e92d2f9b.tar.gz |
Vendor import of OpenSSL release 0.9.7. This release includes
support for AES and OpenBSD's hardware crypto.
Diffstat (limited to 'crypto/openssl/ssl/s2_lib.c')
-rw-r--r-- | crypto/openssl/ssl/s2_lib.c | 82 |
1 files changed, 49 insertions, 33 deletions
diff --git a/crypto/openssl/ssl/s2_lib.c b/crypto/openssl/ssl/s2_lib.c index 01d1e97..910b9fe 100644 --- a/crypto/openssl/ssl/s2_lib.c +++ b/crypto/openssl/ssl/s2_lib.c @@ -57,10 +57,11 @@ */ #include "ssl_locl.h" -#ifndef NO_SSL2 +#ifndef OPENSSL_NO_SSL2 #include <stdio.h> #include <openssl/rsa.h> #include <openssl/objects.h> +#include <openssl/evp.h> #include <openssl/md5.h> #include "cryptlib.h" @@ -307,7 +308,7 @@ void ssl2_free(SSL *s) s2=s->s2; if (s2->rbuf != NULL) OPENSSL_free(s2->rbuf); if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf); - memset(s2,0,sizeof *s2); + OPENSSL_cleanse(s2,sizeof *s2); OPENSSL_free(s2); s->s2=NULL; } @@ -332,7 +333,7 @@ void ssl2_clear(SSL *s) s->packet_length=0; } -long ssl2_ctrl(SSL *s, int cmd, long larg, char *parg) +long ssl2_ctrl(SSL *s, int cmd, long larg, void *parg) { int ret=0; @@ -352,7 +353,7 @@ long ssl2_callback_ctrl(SSL *s, int cmd, void (*fp)()) return(0); } -long ssl2_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg) +long ssl2_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) { return(0); } @@ -376,15 +377,19 @@ SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p) { CRYPTO_w_lock(CRYPTO_LOCK_SSL); - for (i=0; i<SSL2_NUM_CIPHERS; i++) - sorted[i]= &(ssl2_ciphers[i]); + if (init) + { + for (i=0; i<SSL2_NUM_CIPHERS; i++) + sorted[i]= &(ssl2_ciphers[i]); - qsort( (char *)sorted, - SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER *), - FP_ICC ssl_cipher_ptr_id_cmp); + qsort((char *)sorted, + SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER *), + FP_ICC ssl_cipher_ptr_id_cmp); + init=0; + } + CRYPTO_w_unlock(CRYPTO_LOCK_SSL); - init=0; } id=0x02000000L|((unsigned long)p[0]<<16L)| @@ -418,43 +423,50 @@ int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) int ssl2_generate_key_material(SSL *s) { unsigned int i; - MD5_CTX ctx; + EVP_MD_CTX ctx; unsigned char *km; unsigned char c='0'; + const EVP_MD *md5; + + md5 = EVP_md5(); #ifdef CHARSET_EBCDIC c = os_toascii['0']; /* Must be an ASCII '0', not EBCDIC '0', see SSLv2 docu */ #endif - + EVP_MD_CTX_init(&ctx); km=s->s2->key_material; - if (s->session->master_key_length < 0 || s->session->master_key_length > sizeof s->session->master_key) - { - SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, SSL_R_INTERNAL_ERROR); - return 0; - } + if (s->session->master_key_length < 0 || s->session->master_key_length > sizeof s->session->master_key) + { + SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR); + return 0; + } - for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH) + for (i=0; i<s->s2->key_material_length; i += EVP_MD_size(md5)) { - if (((km - s->s2->key_material) + MD5_DIGEST_LENGTH) > sizeof s->s2->key_material) + if (((km - s->s2->key_material) + EVP_MD_size(md5)) > sizeof s->s2->key_material) { - /* MD5_Final() below would write beyond buffer */ - SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, SSL_R_INTERNAL_ERROR); + /* EVP_DigestFinal_ex() below would write beyond buffer */ + SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR); return 0; } - MD5_Init(&ctx); + EVP_DigestInit_ex(&ctx, md5, NULL); - MD5_Update(&ctx,s->session->master_key,s->session->master_key_length); - MD5_Update(&ctx,&c,1); + OPENSSL_assert(s->session->master_key_length >= 0 + && s->session->master_key_length + < sizeof s->session->master_key); + EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length); + EVP_DigestUpdate(&ctx,&c,1); c++; - MD5_Update(&ctx,s->s2->challenge,s->s2->challenge_length); - MD5_Update(&ctx,s->s2->conn_id,s->s2->conn_id_length); - MD5_Final(km,&ctx); - km+=MD5_DIGEST_LENGTH; + EVP_DigestUpdate(&ctx,s->s2->challenge,s->s2->challenge_length); + EVP_DigestUpdate(&ctx,s->s2->conn_id,s->s2->conn_id_length); + EVP_DigestFinal_ex(&ctx,km,NULL); + km += EVP_MD_size(md5); } + EVP_MD_CTX_cleanup(&ctx); return 1; } @@ -483,17 +495,21 @@ void ssl2_write_error(SSL *s) error=s->error; /* number of bytes left to write */ s->error=0; - if (error < 0 || error > sizeof buf) /* can't happen */ - return; - + OPENSSL_assert(error >= 0 && error <= sizeof buf); i=ssl2_write(s,&(buf[3-error]),error); /* if (i == error) s->rwstate=state; */ if (i < 0) s->error=error; - else if (i != s->error) + else + { s->error=error-i; + + if (s->error == 0) + if (s->msg_callback) + s->msg_callback(1, s->version, 0, buf, 3, s, s->msg_callback_arg); /* ERROR */ + } } int ssl2_shutdown(SSL *s) @@ -501,7 +517,7 @@ int ssl2_shutdown(SSL *s) s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); return(1); } -#else /* !NO_SSL2 */ +#else /* !OPENSSL_NO_SSL2 */ # if PEDANTIC static void *dummy=&dummy; |