diff options
author | simon <simon@FreeBSD.org> | 2006-07-29 19:14:51 +0000 |
---|---|---|
committer | simon <simon@FreeBSD.org> | 2006-07-29 19:14:51 +0000 |
commit | e07cc0214a55c667871ff33ceb54311ec000283e (patch) | |
tree | f898e2a96cfe066221d2bdd627d5eddc70044a57 /crypto/openssl/ssl | |
parent | 9159ca2b0ed030ab3c19210cd933875c52c9ed3d (diff) | |
download | FreeBSD-src-e07cc0214a55c667871ff33ceb54311ec000283e.zip FreeBSD-src-e07cc0214a55c667871ff33ceb54311ec000283e.tar.gz |
Resolve conflicts after import of OpenSSL 0.9.8b.
Diffstat (limited to 'crypto/openssl/ssl')
-rw-r--r-- | crypto/openssl/ssl/s23_clnt.c | 251 | ||||
-rw-r--r-- | crypto/openssl/ssl/s23_lib.c | 62 | ||||
-rw-r--r-- | crypto/openssl/ssl/s23_srvr.c | 28 | ||||
-rw-r--r-- | crypto/openssl/ssl/s2_clnt.c | 42 | ||||
-rw-r--r-- | crypto/openssl/ssl/s2_enc.c | 2 | ||||
-rw-r--r-- | crypto/openssl/ssl/s2_lib.c | 129 | ||||
-rw-r--r-- | crypto/openssl/ssl/s2_meth.c | 26 | ||||
-rw-r--r-- | crypto/openssl/ssl/s2_srvr.c | 46 |
8 files changed, 259 insertions, 327 deletions
diff --git a/crypto/openssl/ssl/s23_clnt.c b/crypto/openssl/ssl/s23_clnt.c index b1db0fb..ed4ee72 100644 --- a/crypto/openssl/ssl/s23_clnt.c +++ b/crypto/openssl/ssl/s23_clnt.c @@ -80,33 +80,15 @@ static SSL_METHOD *ssl23_get_client_method(int ver) return(NULL); } -SSL_METHOD *SSLv23_client_method(void) - { - static int init=1; - static SSL_METHOD SSLv23_client_data; - - if (init) - { - CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); - - if (init) - { - memcpy((char *)&SSLv23_client_data, - (char *)sslv23_base_method(),sizeof(SSL_METHOD)); - SSLv23_client_data.ssl_connect=ssl23_connect; - SSLv23_client_data.get_ssl_method=ssl23_get_client_method; - init=0; - } - - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); - } - return(&SSLv23_client_data); - } +IMPLEMENT_ssl23_meth_func(SSLv23_client_method, + ssl_undefined_function, + ssl23_connect, + ssl23_get_client_method) int ssl23_connect(SSL *s) { BUF_MEM *buf=NULL; - unsigned long Time=time(NULL); + unsigned long Time=(unsigned long)time(NULL); void (*cb)(const SSL *ssl,int type,int val)=NULL; int ret= -1; int new_state,state; @@ -220,9 +202,28 @@ static int ssl23_client_hello(SSL *s) { unsigned char *buf; unsigned char *p,*d; - int i,ch_len; + int i,j,ch_len; + unsigned long Time,l; + int ssl2_compat; + int version = 0, version_major, version_minor; + SSL_COMP *comp; int ret; + ssl2_compat = (s->options & SSL_OP_NO_SSLv2) ? 0 : 1; + + if (!(s->options & SSL_OP_NO_TLSv1)) + { + version = TLS1_VERSION; + } + else if (!(s->options & SSL_OP_NO_SSLv3)) + { + version = SSL3_VERSION; + } + else if (!(s->options & SSL_OP_NO_SSLv2)) + { + version = SSL2_VERSION; + } + buf=(unsigned char *)s->init_buf->data; if (s->state == SSL23_ST_CW_CLNT_HELLO_A) { @@ -235,31 +236,25 @@ static int ssl23_client_hello(SSL *s) #endif p=s->s3->client_random; - if(RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE) <= 0) - return -1; - - /* Do the message type and length last */ - d= &(buf[2]); - p=d+9; + Time=(unsigned long)time(NULL); /* Time */ + l2n(Time,p); + if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0) + return -1; - *(d++)=SSL2_MT_CLIENT_HELLO; - if (!(s->options & SSL_OP_NO_TLSv1)) + if (version == TLS1_VERSION) { - *(d++)=TLS1_VERSION_MAJOR; - *(d++)=TLS1_VERSION_MINOR; - s->client_version=TLS1_VERSION; + version_major = TLS1_VERSION_MAJOR; + version_minor = TLS1_VERSION_MINOR; } - else if (!(s->options & SSL_OP_NO_SSLv3)) + else if (version == SSL3_VERSION) { - *(d++)=SSL3_VERSION_MAJOR; - *(d++)=SSL3_VERSION_MINOR; - s->client_version=SSL3_VERSION; + version_major = SSL3_VERSION_MAJOR; + version_minor = SSL3_VERSION_MINOR; } - else if (!(s->options & SSL_OP_NO_SSLv2)) + else if (version == SSL2_VERSION) { - *(d++)=SSL2_VERSION_MAJOR; - *(d++)=SSL2_VERSION_MINOR; - s->client_version=SSL2_VERSION; + version_major = SSL2_VERSION_MAJOR; + version_minor = SSL2_VERSION_MINOR; } else { @@ -267,59 +262,153 @@ static int ssl23_client_hello(SSL *s) return(-1); } - /* Ciphers supported */ - i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),p); - if (i == 0) + s->client_version = version; + + if (ssl2_compat) { - /* no ciphers */ - SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE); - return(-1); - } - s2n(i,d); - p+=i; + /* create SSL 2.0 compatible Client Hello */ - /* put in the session-id, zero since there is no - * reuse. */ + /* two byte record header will be written last */ + d = &(buf[2]); + p = d + 9; /* leave space for message type, version, individual length fields */ + + *(d++) = SSL2_MT_CLIENT_HELLO; + *(d++) = version_major; + *(d++) = version_minor; + + /* Ciphers supported */ + i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),p,0); + if (i == 0) + { + /* no ciphers */ + SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE); + return -1; + } + s2n(i,d); + p+=i; + + /* put in the session-id length (zero since there is no reuse) */ #if 0 - s->session->session_id_length=0; + s->session->session_id_length=0; #endif - s2n(0,d); - - if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG) - ch_len=SSL2_CHALLENGE_LENGTH; + s2n(0,d); + + if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG) + ch_len=SSL2_CHALLENGE_LENGTH; + else + ch_len=SSL2_MAX_CHALLENGE_LENGTH; + + /* write out sslv2 challenge */ + if (SSL3_RANDOM_SIZE < ch_len) + i=SSL3_RANDOM_SIZE; + else + i=ch_len; + s2n(i,d); + memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE); + if (RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i) <= 0) + return -1; + + memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i); + p+=i; + + i= p- &(buf[2]); + buf[0]=((i>>8)&0xff)|0x80; + buf[1]=(i&0xff); + + /* number of bytes to write */ + s->init_num=i+2; + s->init_off=0; + + ssl3_finish_mac(s,&(buf[2]),i); + } else - ch_len=SSL2_MAX_CHALLENGE_LENGTH; + { + /* create Client Hello in SSL 3.0/TLS 1.0 format */ - /* write out sslv2 challenge */ - if (SSL3_RANDOM_SIZE < ch_len) - i=SSL3_RANDOM_SIZE; - else - i=ch_len; - s2n(i,d); - memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE); - if(RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i) <= 0) - return -1; + /* do the record header (5 bytes) and handshake message header (4 bytes) last */ + d = p = &(buf[9]); + + *(p++) = version_major; + *(p++) = version_minor; + + /* Random stuff */ + memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE); + p += SSL3_RANDOM_SIZE; + + /* Session ID (zero since there is no reuse) */ + *(p++) = 0; + + /* Ciphers supported (using SSL 3.0/TLS 1.0 format) */ + i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),ssl3_put_cipher_by_char); + if (i == 0) + { + SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE); + return -1; + } + s2n(i,p); + p+=i; + + /* COMPRESSION */ + if (s->ctx->comp_methods == NULL) + j=0; + else + j=sk_SSL_COMP_num(s->ctx->comp_methods); + *(p++)=1+j; + for (i=0; i<j; i++) + { + comp=sk_SSL_COMP_value(s->ctx->comp_methods,i); + *(p++)=comp->id; + } + *(p++)=0; /* Add the NULL method */ + + l = p-d; + *p = 42; - memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i); - p+=i; + /* fill in 4-byte handshake header */ + d=&(buf[5]); + *(d++)=SSL3_MT_CLIENT_HELLO; + l2n3(l,d); - i= p- &(buf[2]); - buf[0]=((i>>8)&0xff)|0x80; - buf[1]=(i&0xff); + l += 4; + + if (l > SSL3_RT_MAX_PLAIN_LENGTH) + { + SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR); + return -1; + } + + /* fill in 5-byte record header */ + d=buf; + *(d++) = SSL3_RT_HANDSHAKE; + *(d++) = version_major; + *(d++) = version_minor; /* arguably we should send the *lowest* suported version here + * (indicating, e.g., TLS 1.0 in "SSL 3.0 format") */ + s2n((int)l,d); + + /* number of bytes to write */ + s->init_num=p-buf; + s->init_off=0; + + ssl3_finish_mac(s,&(buf[5]), s->init_num - 5); + } s->state=SSL23_ST_CW_CLNT_HELLO_B; - /* number of bytes to write */ - s->init_num=i+2; s->init_off=0; - - ssl3_finish_mac(s,&(buf[2]),i); } /* SSL3_ST_CW_CLNT_HELLO_B */ ret = ssl23_write_bytes(s); - if (ret >= 2) - if (s->msg_callback) - s->msg_callback(1, SSL2_VERSION, 0, s->init_buf->data+2, ret-2, s, s->msg_callback_arg); /* CLIENT-HELLO */ + + if ((ret >= 2) && s->msg_callback) + { + /* Client Hello has been sent; tell msg_callback */ + + if (ssl2_compat) + s->msg_callback(1, SSL2_VERSION, 0, s->init_buf->data+2, ret-2, s, s->msg_callback_arg); + else + s->msg_callback(1, version, SSL3_RT_HANDSHAKE, s->init_buf->data+5, ret-5, s, s->msg_callback_arg); + } + return ret; } diff --git a/crypto/openssl/ssl/s23_lib.c b/crypto/openssl/ssl/s23_lib.c index b70002a..fc29813 100644 --- a/crypto/openssl/ssl/s23_lib.c +++ b/crypto/openssl/ssl/s23_lib.c @@ -60,55 +60,17 @@ #include <openssl/objects.h> #include "ssl_locl.h" -static int ssl23_num_ciphers(void ); -static SSL_CIPHER *ssl23_get_cipher(unsigned int u); -static int ssl23_read(SSL *s, void *buf, int len); -static int ssl23_peek(SSL *s, void *buf, int len); -static int ssl23_write(SSL *s, const void *buf, int len); -static long ssl23_default_timeout(void ); -static int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p); -static SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p); -const char *SSL23_version_str="SSLv2/3 compatibility" OPENSSL_VERSION_PTEXT; - -static SSL_METHOD SSLv23_data= { - TLS1_VERSION, - tls1_new, - tls1_clear, - tls1_free, - ssl_undefined_function, - ssl_undefined_function, - ssl23_read, - ssl23_peek, - ssl23_write, - ssl_undefined_function, - ssl_undefined_function, - ssl_ok, - ssl3_ctrl, - ssl3_ctx_ctrl, - ssl23_get_cipher_by_char, - ssl23_put_cipher_by_char, - ssl_undefined_function, - ssl23_num_ciphers, - ssl23_get_cipher, - ssl_bad_method, - ssl23_default_timeout, - &ssl3_undef_enc_method, - ssl_undefined_function, - ssl3_callback_ctrl, - ssl3_ctx_callback_ctrl, - }; - -static long ssl23_default_timeout(void) +long ssl23_default_timeout(void) { return(300); } -SSL_METHOD *sslv23_base_method(void) - { - return(&SSLv23_data); - } +IMPLEMENT_ssl23_meth_func(sslv23_base_method, + ssl_undefined_function, + ssl_undefined_function, + ssl_bad_method) -static int ssl23_num_ciphers(void) +int ssl23_num_ciphers(void) { return(ssl3_num_ciphers() #ifndef OPENSSL_NO_SSL2 @@ -117,7 +79,7 @@ static int ssl23_num_ciphers(void) ); } -static SSL_CIPHER *ssl23_get_cipher(unsigned int u) +SSL_CIPHER *ssl23_get_cipher(unsigned int u) { unsigned int uu=ssl3_num_ciphers(); @@ -133,7 +95,7 @@ static SSL_CIPHER *ssl23_get_cipher(unsigned int u) /* This function needs to check if the ciphers required are actually * available */ -static SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p) +SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p) { SSL_CIPHER c,*cp; unsigned long id; @@ -151,7 +113,7 @@ static SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p) return(cp); } -static int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) +int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) { long l; @@ -166,7 +128,7 @@ static int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) return(3); } -static int ssl23_read(SSL *s, void *buf, int len) +int ssl23_read(SSL *s, void *buf, int len) { int n; @@ -189,7 +151,7 @@ static int ssl23_read(SSL *s, void *buf, int len) } } -static int ssl23_peek(SSL *s, void *buf, int len) +int ssl23_peek(SSL *s, void *buf, int len) { int n; @@ -212,7 +174,7 @@ static int ssl23_peek(SSL *s, void *buf, int len) } } -static int ssl23_write(SSL *s, const void *buf, int len) +int ssl23_write(SSL *s, const void *buf, int len) { int n; diff --git a/crypto/openssl/ssl/s23_srvr.c b/crypto/openssl/ssl/s23_srvr.c index 5139477..da4f377 100644 --- a/crypto/openssl/ssl/s23_srvr.c +++ b/crypto/openssl/ssl/s23_srvr.c @@ -132,33 +132,15 @@ static SSL_METHOD *ssl23_get_server_method(int ver) return(NULL); } -SSL_METHOD *SSLv23_server_method(void) - { - static int init=1; - static SSL_METHOD SSLv23_server_data; - - if (init) - { - CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); - - if (init) - { - memcpy((char *)&SSLv23_server_data, - (char *)sslv23_base_method(),sizeof(SSL_METHOD)); - SSLv23_server_data.ssl_accept=ssl23_accept; - SSLv23_server_data.get_ssl_method=ssl23_get_server_method; - init=0; - } - - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); - } - return(&SSLv23_server_data); - } +IMPLEMENT_ssl23_meth_func(SSLv23_server_method, + ssl23_accept, + ssl_undefined_function, + ssl23_get_server_method) int ssl23_accept(SSL *s) { BUF_MEM *buf; - unsigned long Time=time(NULL); + unsigned long Time=(unsigned long)time(NULL); void (*cb)(const SSL *ssl,int type,int val)=NULL; int ret= -1; int new_state,state; diff --git a/crypto/openssl/ssl/s2_clnt.c b/crypto/openssl/ssl/s2_clnt.c index c67829f..efb5248 100644 --- a/crypto/openssl/ssl/s2_clnt.c +++ b/crypto/openssl/ssl/s2_clnt.c @@ -137,32 +137,14 @@ static SSL_METHOD *ssl2_get_client_method(int ver) return(NULL); } -SSL_METHOD *SSLv2_client_method(void) - { - static int init=1; - static SSL_METHOD SSLv2_client_data; - - if (init) - { - CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); - - if (init) - { - memcpy((char *)&SSLv2_client_data,(char *)sslv2_base_method(), - sizeof(SSL_METHOD)); - SSLv2_client_data.ssl_connect=ssl2_connect; - SSLv2_client_data.get_ssl_method=ssl2_get_client_method; - init=0; - } - - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); - } - return(&SSLv2_client_data); - } +IMPLEMENT_ssl2_meth_func(SSLv2_client_method, + ssl_undefined_function, + ssl2_connect, + ssl2_get_client_method) int ssl2_connect(SSL *s) { - unsigned long l=time(NULL); + unsigned long l=(unsigned long)time(NULL); BUF_MEM *buf=NULL; int ret= -1; void (*cb)(const SSL *ssl,int type,int val)=NULL; @@ -584,7 +566,7 @@ static int client_hello(SSL *s) s2n(SSL2_VERSION,p); /* version */ n=j=0; - n=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),d); + n=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),d,0); d+=n; if (n == 0) @@ -612,7 +594,7 @@ static int client_hello(SSL *s) s->s2->challenge_length=SSL2_CHALLENGE_LENGTH; s2n(SSL2_CHALLENGE_LENGTH,p); /* challenge length */ /*challenge id data*/ - if(RAND_pseudo_bytes(s->s2->challenge,SSL2_CHALLENGE_LENGTH) <= 0) + if (RAND_pseudo_bytes(s->s2->challenge,SSL2_CHALLENGE_LENGTH) <= 0) return -1; memcpy(d,s->s2->challenge,SSL2_CHALLENGE_LENGTH); d+=SSL2_CHALLENGE_LENGTH; @@ -662,7 +644,7 @@ static int client_master_key(SSL *s) return -1; } if (i > 0) - if(RAND_pseudo_bytes(sess->key_arg,i) <= 0) + if (RAND_pseudo_bytes(sess->key_arg,i) <= 0) return -1; /* make a master key */ @@ -670,7 +652,7 @@ static int client_master_key(SSL *s) sess->master_key_length=i; if (i > 0) { - if (i > sizeof sess->master_key) + if (i > (int)sizeof(sess->master_key)) { ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR); @@ -690,7 +672,7 @@ static int client_master_key(SSL *s) else enc=i; - if (i < enc) + if ((int)i < enc) { ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); SSLerr(SSL_F_CLIENT_MASTER_KEY,SSL_R_CIPHER_TABLE_SRC_ERROR); @@ -719,7 +701,7 @@ static int client_master_key(SSL *s) d+=enc; karg=sess->key_arg_length; s2n(karg,p); /* key arg size */ - if (karg > sizeof sess->key_arg) + if (karg > (int)sizeof(sess->key_arg)) { ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR); @@ -1037,7 +1019,7 @@ static int get_server_finished(SSL *s) } /* loads in the certificate from the server */ -int ssl2_set_certificate(SSL *s, int type, int len, unsigned char *data) +int ssl2_set_certificate(SSL *s, int type, int len, const unsigned char *data) { STACK_OF(X509) *sk=NULL; EVP_PKEY *pkey=NULL; diff --git a/crypto/openssl/ssl/s2_enc.c b/crypto/openssl/ssl/s2_enc.c index 21a06f7..18882bf 100644 --- a/crypto/openssl/ssl/s2_enc.c +++ b/crypto/openssl/ssl/s2_enc.c @@ -100,7 +100,7 @@ int ssl2_enc_init(SSL *s, int client) if (ssl2_generate_key_material(s) <= 0) return 0; - OPENSSL_assert(c->iv_len <= sizeof s->session->key_arg); + OPENSSL_assert(c->iv_len <= (int)sizeof(s->session->key_arg)); EVP_EncryptInit_ex(ws,c,NULL,&(s->s2->key_material[(client)?num:0]), s->session->key_arg); EVP_DecryptInit_ex(rs,c,NULL,&(s->s2->key_material[(client)?0:num]), diff --git a/crypto/openssl/ssl/s2_lib.c b/crypto/openssl/ssl/s2_lib.c index edcef4d..d2cce75 100644 --- a/crypto/openssl/ssl/s2_lib.c +++ b/crypto/openssl/ssl/s2_lib.c @@ -59,16 +59,15 @@ #include "ssl_locl.h" #ifndef OPENSSL_NO_SSL2 #include <stdio.h> -#include <openssl/rsa.h> #include <openssl/objects.h> #include <openssl/evp.h> #include <openssl/md5.h> -static long ssl2_default_timeout(void ); const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT; #define SSL2_NUM_CIPHERS (sizeof(ssl2_ciphers)/sizeof(SSL_CIPHER)) +/* list of available SSLv2 ciphers (sorted by id) */ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={ /* NULL_WITH_MD5 v3 */ #if 0 @@ -85,19 +84,6 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={ SSL_ALL_STRENGTHS, }, #endif -/* RC4_128_EXPORT40_WITH_MD5 */ - { - 1, - SSL2_TXT_RC4_128_EXPORT40_WITH_MD5, - SSL2_CK_RC4_128_EXPORT40_WITH_MD5, - SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2, - SSL_EXPORT|SSL_EXP40, - SSL2_CF_5_BYTE_ENC, - 40, - 128, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, /* RC4_128_WITH_MD5 */ { 1, @@ -111,12 +97,12 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={ SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, -/* RC2_128_CBC_EXPORT40_WITH_MD5 */ +/* RC4_128_EXPORT40_WITH_MD5 */ { 1, - SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5, - SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5, - SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_SSLV2, + SSL2_TXT_RC4_128_EXPORT40_WITH_MD5, + SSL2_CK_RC4_128_EXPORT40_WITH_MD5, + SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2, SSL_EXPORT|SSL_EXP40, SSL2_CF_5_BYTE_ENC, 40, @@ -137,6 +123,19 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={ SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, +/* RC2_128_CBC_EXPORT40_WITH_MD5 */ + { + 1, + SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5, + SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5, + SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_SSLV2, + SSL_EXPORT|SSL_EXP40, + SSL2_CF_5_BYTE_ENC, + 40, + 128, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, + }, /* IDEA_128_CBC_WITH_MD5 */ #ifndef OPENSSL_NO_IDEA { @@ -212,43 +211,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={ /* end of list :-) */ }; -static SSL_METHOD SSLv2_data= { - SSL2_VERSION, - ssl2_new, /* local */ - ssl2_clear, /* local */ - ssl2_free, /* local */ - ssl_undefined_function, - ssl_undefined_function, - ssl2_read, - ssl2_peek, - ssl2_write, - ssl2_shutdown, - ssl_ok, /* NULL - renegotiate */ - ssl_ok, /* NULL - check renegotiate */ - ssl2_ctrl, /* local */ - ssl2_ctx_ctrl, /* local */ - ssl2_get_cipher_by_char, - ssl2_put_cipher_by_char, - ssl2_pending, - ssl2_num_ciphers, - ssl2_get_cipher, - ssl_bad_method, - ssl2_default_timeout, - &ssl3_undef_enc_method, - ssl_undefined_function, - ssl2_callback_ctrl, /* local */ - ssl2_ctx_callback_ctrl, /* local */ - }; - -static long ssl2_default_timeout(void) +long ssl2_default_timeout(void) { return(300); } -SSL_METHOD *sslv2_base_method(void) - { - return(&SSLv2_data); - } +IMPLEMENT_ssl2_meth_func(sslv2_base_method, + ssl_undefined_function, + ssl_undefined_function, + ssl_bad_method) int ssl2_num_ciphers(void) { @@ -263,7 +234,7 @@ SSL_CIPHER *ssl2_get_cipher(unsigned int u) return(NULL); } -int ssl2_pending(SSL *s) +int ssl2_pending(const SSL *s) { return SSL_in_init(s) ? 0 : s->s2->ract_data_length; } @@ -349,7 +320,7 @@ long ssl2_ctrl(SSL *s, int cmd, long larg, void *parg) return(ret); } -long ssl2_callback_ctrl(SSL *s, int cmd, void (*fp)()) +long ssl2_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) { return(0); } @@ -359,7 +330,7 @@ long ssl2_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) return(0); } -long ssl2_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)()) +long ssl2_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) { return(0); } @@ -368,42 +339,20 @@ long ssl2_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)()) * available */ SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p) { - static int init=1; - static SSL_CIPHER *sorted[SSL2_NUM_CIPHERS]; - SSL_CIPHER c,*cp= &c,**cpp; + SSL_CIPHER c,*cp; unsigned long id; - int i; - - if (init) - { - CRYPTO_w_lock(CRYPTO_LOCK_SSL); - - if (init) - { - for (i=0; i<SSL2_NUM_CIPHERS; i++) - sorted[i]= &(ssl2_ciphers[i]); - - qsort((char *)sorted, - SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER *), - FP_ICC ssl_cipher_ptr_id_cmp); - - init=0; - } - - CRYPTO_w_unlock(CRYPTO_LOCK_SSL); - } id=0x02000000L|((unsigned long)p[0]<<16L)| ((unsigned long)p[1]<<8L)|(unsigned long)p[2]; c.id=id; - cpp=(SSL_CIPHER **)OBJ_bsearch((char *)&cp, - (char *)sorted, - SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER *), - FP_ICC ssl_cipher_ptr_id_cmp); - if ((cpp == NULL) || !(*cpp)->valid) - return(NULL); + cp = (SSL_CIPHER *)OBJ_bsearch((char *)&c, + (char *)ssl2_ciphers, + SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER), + FP_ICC ssl_cipher_id_cmp); + if ((cp == NULL) || (cp->valid == 0)) + return NULL; else - return(*cpp); + return cp; } int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) @@ -438,7 +387,8 @@ int ssl2_generate_key_material(SSL *s) EVP_MD_CTX_init(&ctx); km=s->s2->key_material; - if (s->session->master_key_length < 0 || s->session->master_key_length > sizeof s->session->master_key) + if (s->session->master_key_length < 0 || + s->session->master_key_length > (int)sizeof(s->session->master_key)) { SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR); return 0; @@ -446,7 +396,8 @@ int ssl2_generate_key_material(SSL *s) for (i=0; i<s->s2->key_material_length; i += EVP_MD_size(md5)) { - if (((km - s->s2->key_material) + EVP_MD_size(md5)) > sizeof s->s2->key_material) + if (((km - s->s2->key_material) + EVP_MD_size(md5)) > + (int)sizeof(s->s2->key_material)) { /* EVP_DigestFinal_ex() below would write beyond buffer */ SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR); @@ -457,7 +408,7 @@ int ssl2_generate_key_material(SSL *s) OPENSSL_assert(s->session->master_key_length >= 0 && s->session->master_key_length - < sizeof s->session->master_key); + < (int)sizeof(s->session->master_key)); EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length); EVP_DigestUpdate(&ctx,&c,1); c++; @@ -496,7 +447,7 @@ void ssl2_write_error(SSL *s) error=s->error; /* number of bytes left to write */ s->error=0; - OPENSSL_assert(error >= 0 && error <= sizeof buf); + OPENSSL_assert(error >= 0 && error <= (int)sizeof(buf)); i=ssl2_write(s,&(buf[3-error]),error); /* if (i == error) s->rwstate=state; */ diff --git a/crypto/openssl/ssl/s2_meth.c b/crypto/openssl/ssl/s2_meth.c index 8b6cbd0..a35e435 100644 --- a/crypto/openssl/ssl/s2_meth.c +++ b/crypto/openssl/ssl/s2_meth.c @@ -70,29 +70,11 @@ static SSL_METHOD *ssl2_get_method(int ver) return(NULL); } -SSL_METHOD *SSLv2_method(void) - { - static int init=1; - static SSL_METHOD SSLv2_data; +IMPLEMENT_ssl2_meth_func(SSLv2_method, + ssl2_accept, + ssl2_connect, + ssl2_get_method) - if (init) - { - CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); - - if (init) - { - memcpy((char *)&SSLv2_data,(char *)sslv2_base_method(), - sizeof(SSL_METHOD)); - SSLv2_data.ssl_connect=ssl2_connect; - SSLv2_data.ssl_accept=ssl2_accept; - SSLv2_data.get_ssl_method=ssl2_get_method; - init=0; - } - - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); - } - return(&SSLv2_data); - } #else /* !OPENSSL_NO_SSL2 */ # if PEDANTIC diff --git a/crypto/openssl/ssl/s2_srvr.c b/crypto/openssl/ssl/s2_srvr.c index 853871f..27d71a2 100644 --- a/crypto/openssl/ssl/s2_srvr.c +++ b/crypto/openssl/ssl/s2_srvr.c @@ -137,32 +137,14 @@ static SSL_METHOD *ssl2_get_server_method(int ver) return(NULL); } -SSL_METHOD *SSLv2_server_method(void) - { - static int init=1; - static SSL_METHOD SSLv2_server_data; - - if (init) - { - CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); - - if (init) - { - memcpy((char *)&SSLv2_server_data,(char *)sslv2_base_method(), - sizeof(SSL_METHOD)); - SSLv2_server_data.ssl_accept=ssl2_accept; - SSLv2_server_data.get_ssl_method=ssl2_get_server_method; - init=0; - } - - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); - } - return(&SSLv2_server_data); - } +IMPLEMENT_ssl2_meth_func(SSLv2_server_method, + ssl2_accept, + ssl_undefined_function, + ssl2_get_server_method) int ssl2_accept(SSL *s) { - unsigned long l=time(NULL); + unsigned long l=(unsigned long)time(NULL); BUF_MEM *buf=NULL; int ret= -1; long num1; @@ -498,8 +480,8 @@ static int get_client_master_key(SSL *s) i=ek; else i=EVP_CIPHER_key_length(c); - if(RAND_pseudo_bytes(p,i) <= 0) - return 0; + if (RAND_pseudo_bytes(p,i) <= 0) + return 0; } #else if (i < 0) @@ -797,7 +779,7 @@ static int server_hello(SSL *s) /* lets send out the ciphers we like in the * prefered order */ sk= s->session->ciphers; - n=ssl_cipher_list_to_bytes(s,s->session->ciphers,d); + n=ssl_cipher_list_to_bytes(s,s->session->ciphers,d,0); d+=n; s2n(n,p); /* add cipher length */ } @@ -805,8 +787,8 @@ static int server_hello(SSL *s) /* make and send conn_id */ s2n(SSL2_CONNECTION_ID_LENGTH,p); /* add conn_id length */ s->s2->conn_id_length=SSL2_CONNECTION_ID_LENGTH; - if(RAND_pseudo_bytes(s->s2->conn_id,(int)s->s2->conn_id_length) <= 0) - return -1; + if (RAND_pseudo_bytes(s->s2->conn_id,(int)s->s2->conn_id_length) <= 0) + return -1; memcpy(d,s->s2->conn_id,SSL2_CONNECTION_ID_LENGTH); d+=SSL2_CONNECTION_ID_LENGTH; @@ -938,6 +920,7 @@ static int server_finish(SSL *s) /* send the request and check the response */ static int request_certificate(SSL *s) { + const unsigned char *cp; unsigned char *p,*p2,*buf2; unsigned char *ccd; int i,j,ctype,ret= -1; @@ -951,7 +934,7 @@ static int request_certificate(SSL *s) p=(unsigned char *)s->init_buf->data; *(p++)=SSL2_MT_REQUEST_CERTIFICATE; *(p++)=SSL2_AT_MD5_WITH_RSA_ENCRYPTION; - if(RAND_pseudo_bytes(ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH) <= 0) + if (RAND_pseudo_bytes(ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH) <= 0) return -1; memcpy(p,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH); @@ -1055,7 +1038,8 @@ static int request_certificate(SSL *s) s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* CLIENT-CERTIFICATE */ p += 6; - x509=(X509 *)d2i_X509(NULL,&p,(long)s->s2->tmp.clen); + cp = p; + x509=(X509 *)d2i_X509(NULL,&cp,(long)s->s2->tmp.clen); if (x509 == NULL) { SSLerr(SSL_F_REQUEST_CERTIFICATE,ERR_R_X509_LIB); @@ -1095,7 +1079,7 @@ static int request_certificate(SSL *s) pkey=X509_get_pubkey(x509); if (pkey == NULL) goto end; - i=EVP_VerifyFinal(&ctx,p,s->s2->tmp.rlen,pkey); + i=EVP_VerifyFinal(&ctx,cp,s->s2->tmp.rlen,pkey); EVP_PKEY_free(pkey); EVP_MD_CTX_cleanup(&ctx); |