From 9b77a555b5e85a4473f23ac7342ddfb4d9ff309d Mon Sep 17 00:00:00 2001 From: cvs2svn Date: Sun, 10 Oct 1999 21:32:04 +0000 Subject: This commit was manufactured by cvs2git to create branch 'OPENBSD_2_6'. --- src/lib/libssl/s3_both.c | 468 ----------------------------------------------- 1 file changed, 468 deletions(-) delete mode 100644 src/lib/libssl/s3_both.c (limited to 'src/lib/libssl/s3_both.c') diff --git a/src/lib/libssl/s3_both.c b/src/lib/libssl/s3_both.c deleted file mode 100644 index f3f27715d5..0000000000 --- a/src/lib/libssl/s3_both.c +++ /dev/null @@ -1,468 +0,0 @@ -/* ssl/s3_both.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include -#include -#include -#include -#include "ssl_locl.h" - -int ssl3_send_finished(SSL *s, int a, int b, unsigned char *sender, - int slen) - { - unsigned char *p,*d; - int i; - unsigned long l; - - if (s->state == a) - { - d=(unsigned char *)s->init_buf->data; - p= &(d[4]); - - i=s->method->ssl3_enc->final_finish_mac(s, - &(s->s3->finish_dgst1), - &(s->s3->finish_dgst2), - sender,slen,p); - p+=i; - l=i; - -#ifdef WIN16 - /* MSVC 1.5 does not clear the top bytes of the word unless - * I do this. - */ - l&=0xffff; -#endif - - *(d++)=SSL3_MT_FINISHED; - l2n3(l,d); - s->init_num=(int)l+4; - s->init_off=0; - - s->state=b; - } - - /* SSL3_ST_SEND_xxxxxx_HELLO_B */ - return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); - } - -int ssl3_get_finished(SSL *s, int a, int b) - { - int al,i,ok; - long n; - unsigned char *p; - - /* the mac has already been generated when we received the - * change cipher spec message and is in s->s3->tmp.in_dgst[12] - */ - - n=ssl3_get_message(s, - a, - b, - SSL3_MT_FINISHED, - 64, /* should actually be 36+4 :-) */ - &ok); - - if (!ok) return((int)n); - - /* If this occurs if we has missed a message */ - if (!s->s3->change_cipher_spec) - { - al=SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_GOT_A_FIN_BEFORE_A_CCS); - goto f_err; - } - s->s3->change_cipher_spec=0; - - p=(unsigned char *)s->init_buf->data; - - i=s->method->ssl3_enc->finish_mac_length; - - if (i != n) - { - al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_BAD_DIGEST_LENGTH); - goto f_err; - } - - if (memcmp( p, (char *)&(s->s3->tmp.finish_md[0]),i) != 0) - { - al=SSL_AD_DECRYPT_ERROR; - SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED); - goto f_err; - } - - return(1); -f_err: - ssl3_send_alert(s,SSL3_AL_FATAL,al); - return(0); - } - -/* for these 2 messages, we need to - * ssl->enc_read_ctx re-init - * ssl->s3->read_sequence zero - * ssl->s3->read_mac_secret re-init - * ssl->session->read_sym_enc assign - * ssl->session->read_compression assign - * ssl->session->read_hash assign - */ -int ssl3_send_change_cipher_spec(SSL *s, int a, int b) - { - unsigned char *p; - - if (s->state == a) - { - p=(unsigned char *)s->init_buf->data; - *p=SSL3_MT_CCS; - s->init_num=1; - s->init_off=0; - - s->state=b; - } - - /* SSL3_ST_CW_CHANGE_B */ - return(ssl3_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC)); - } - -unsigned long ssl3_output_cert_chain(SSL *s, X509 *x) - { - unsigned char *p; - int n,i; - unsigned long l=7; - BUF_MEM *buf; - X509_STORE_CTX xs_ctx; - X509_OBJECT obj; - - /* TLSv1 sends a chain with nothing in it, instead of an alert */ - buf=s->init_buf; - if (!BUF_MEM_grow(buf,(int)(10))) - { - SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB); - return(0); - } - if (x != NULL) - { - X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL); - - for (;;) - { - n=i2d_X509(x,NULL); - if (!BUF_MEM_grow(buf,(int)(n+l+3))) - { - SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB); - return(0); - } - p=(unsigned char *)&(buf->data[l]); - l2n3(n,p); - i2d_X509(x,&p); - l+=n+3; - if (X509_NAME_cmp(X509_get_subject_name(x), - X509_get_issuer_name(x)) == 0) break; - - i=X509_STORE_get_by_subject(&xs_ctx,X509_LU_X509, - X509_get_issuer_name(x),&obj); - if (i <= 0) break; - x=obj.data.x509; - /* Count is one too high since the X509_STORE_get uped the - * ref count */ - X509_free(x); - } - - X509_STORE_CTX_cleanup(&xs_ctx); - } - - /* Thawte special :-) */ - if (s->ctx->extra_certs != NULL) - for (i=0; ictx->extra_certs); i++) - { - x=sk_X509_value(s->ctx->extra_certs,i); - n=i2d_X509(x,NULL); - if (!BUF_MEM_grow(buf,(int)(n+l+3))) - { - SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB); - return(0); - } - p=(unsigned char *)&(buf->data[l]); - l2n3(n,p); - i2d_X509(x,&p); - l+=n+3; - } - - l-=7; - p=(unsigned char *)&(buf->data[4]); - l2n3(l,p); - l+=3; - p=(unsigned char *)&(buf->data[0]); - *(p++)=SSL3_MT_CERTIFICATE; - l2n3(l,p); - l+=4; - return(l); - } - -long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) - { - unsigned char *p; - unsigned long l; - long n; - int i,al; - - if (s->s3->tmp.reuse_message) - { - s->s3->tmp.reuse_message=0; - if ((mt >= 0) && (s->s3->tmp.message_type != mt)) - { - al=SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE); - goto f_err; - } - *ok=1; - return((int)s->s3->tmp.message_size); - } - - p=(unsigned char *)s->init_buf->data; - - if (s->state == st1) - { - i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num], - 4-s->init_num); - if (i < (4-s->init_num)) - { - *ok=0; - return(ssl3_part_read(s,i)); - } - - if ((mt >= 0) && (*p != mt)) - { - al=SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE); - goto f_err; - } - s->s3->tmp.message_type= *(p++); - - n2l3(p,l); - if (l > (unsigned long)max) - { - al=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE); - goto f_err; - } - if (l && !BUF_MEM_grow(s->init_buf,(int)l)) - { - SSLerr(SSL_F_SSL3_GET_MESSAGE,ERR_R_BUF_LIB); - goto err; - } - s->s3->tmp.message_size=l; - s->state=stn; - - s->init_num=0; - } - - /* next state (stn) */ - p=(unsigned char *)s->init_buf->data; - n=s->s3->tmp.message_size; - if (n > 0) - { - i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n); - if (i != (int)n) - { - *ok=0; - return(ssl3_part_read(s,i)); - } - } - *ok=1; - return(n); -f_err: - ssl3_send_alert(s,SSL3_AL_FATAL,al); -err: - *ok=0; - return(-1); - } - -int ssl_cert_type(X509 *x, EVP_PKEY *pkey) - { - EVP_PKEY *pk; - int ret= -1,i,j; - - if (pkey == NULL) - pk=X509_get_pubkey(x); - else - pk=pkey; - if (pk == NULL) goto err; - - i=pk->type; - if (i == EVP_PKEY_RSA) - { - ret=SSL_PKEY_RSA_ENC; - if (x != NULL) - { - j=X509_get_ext_count(x); - /* check to see if this is a signing only certificate */ - /* EAY EAY EAY EAY */ - } - } - else if (i == EVP_PKEY_DSA) - { - ret=SSL_PKEY_DSA_SIGN; - } - else if (i == EVP_PKEY_DH) - { - /* if we just have a key, we needs to be guess */ - - if (x == NULL) - ret=SSL_PKEY_DH_DSA; - else - { - j=X509_get_signature_type(x); - if (j == EVP_PKEY_RSA) - ret=SSL_PKEY_DH_RSA; - else if (j== EVP_PKEY_DSA) - ret=SSL_PKEY_DH_DSA; - else ret= -1; - } - } - else - ret= -1; - -err: - if(!pkey) EVP_PKEY_free(pk); - return(ret); - } - -int ssl_verify_alarm_type(long type) - { - int al; - - switch(type) - { - case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: - case X509_V_ERR_UNABLE_TO_GET_CRL: - al=SSL_AD_UNKNOWN_CA; - break; - case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: - case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: - case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: - case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: - case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: - case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: - case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: - case X509_V_ERR_CERT_NOT_YET_VALID: - case X509_V_ERR_CRL_NOT_YET_VALID: - al=SSL_AD_BAD_CERTIFICATE; - break; - case X509_V_ERR_CERT_SIGNATURE_FAILURE: - case X509_V_ERR_CRL_SIGNATURE_FAILURE: - al=SSL_AD_DECRYPT_ERROR; - break; - case X509_V_ERR_CERT_HAS_EXPIRED: - case X509_V_ERR_CRL_HAS_EXPIRED: - al=SSL_AD_CERTIFICATE_EXPIRED; - break; - case X509_V_ERR_CERT_REVOKED: - al=SSL_AD_CERTIFICATE_REVOKED; - break; - case X509_V_ERR_OUT_OF_MEM: - al=SSL_AD_INTERNAL_ERROR; - break; - case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: - case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: - case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: - case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: - case X509_V_ERR_CERT_CHAIN_TOO_LONG: - al=SSL_AD_UNKNOWN_CA; - break; - case X509_V_ERR_APPLICATION_VERIFICATION: - al=SSL_AD_HANDSHAKE_FAILURE; - break; - default: - al=SSL_AD_CERTIFICATE_UNKNOWN; - break; - } - return(al); - } - -int ssl3_setup_buffers(SSL *s) - { - unsigned char *p; - unsigned int extra; - - if (s->s3->rbuf.buf == NULL) - { - if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) - extra=SSL3_RT_MAX_EXTRA; - else - extra=0; - if ((p=(unsigned char *)Malloc(SSL3_RT_MAX_PACKET_SIZE+extra)) - == NULL) - goto err; - s->s3->rbuf.buf=p; - } - - if (s->s3->wbuf.buf == NULL) - { - if ((p=(unsigned char *)Malloc(SSL3_RT_MAX_PACKET_SIZE)) - == NULL) - goto err; - s->s3->wbuf.buf=p; - } - s->packet= &(s->s3->rbuf.buf[0]); - return(1); -err: - SSLerr(SSL_F_SSL3_SETUP_BUFFERS,ERR_R_MALLOC_FAILURE); - return(0); - } -- cgit v1.2.3-55-g6feb