1: /* ssl/s2_srvr.c */
    2: /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
    3:  * All rights reserved.
    4:  *
    5:  * This package is an SSL implementation written
    6:  * by Eric Young (eay@cryptsoft.com).
    7:  * The implementation was written so as to conform with Netscapes SSL.
    8:  * 
    9:  * This library is free for commercial and non-commercial use as long as
   10:  * the following conditions are aheared to.  The following conditions
   11:  * apply to all code found in this distribution, be it the RC4, RSA,
   12:  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
   13:  * included with this distribution is covered by the same copyright terms
   14:  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
   15:  * 
   16:  * Copyright remains Eric Young's, and as such any Copyright notices in
   17:  * the code are not to be removed.
   18:  * If this package is used in a product, Eric Young should be given attribution
   19:  * as the author of the parts of the library used.
   20:  * This can be in the form of a textual message at program startup or
   21:  * in documentation (online or textual) provided with the package.
   22:  * 
   23:  * Redistribution and use in source and binary forms, with or without
   24:  * modification, are permitted provided that the following conditions
   25:  * are met:
   26:  * 1. Redistributions of source code must retain the copyright
   27:  *    notice, this list of conditions and the following disclaimer.
   28:  * 2. Redistributions in binary form must reproduce the above copyright
   29:  *    notice, this list of conditions and the following disclaimer in the
   30:  *    documentation and/or other materials provided with the distribution.
   31:  * 3. All advertising materials mentioning features or use of this software
   32:  *    must display the following acknowledgement:
   33:  *    "This product includes cryptographic software written by
   34:  *     Eric Young (eay@cryptsoft.com)"
   35:  *    The word 'cryptographic' can be left out if the rouines from the library
   36:  *    being used are not cryptographic related :-).
   37:  * 4. If you include any Windows specific code (or a derivative thereof) from 
   38:  *    the apps directory (application code) you must include an acknowledgement:
   39:  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
   40:  * 
   41:  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
   42:  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   43:  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   44:  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
   45:  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   46:  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   47:  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   48:  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   49:  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   50:  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   51:  * SUCH DAMAGE.
   52:  * 
   53:  * The licence and distribution terms for any publically available version or
   54:  * derivative of this code cannot be changed.  i.e. this code cannot simply be
   55:  * copied and put under another distribution licence
   56:  * [including the GNU Public Licence.]
   57:  */
   58: /* ====================================================================
   59:  * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
   60:  *
   61:  * Redistribution and use in source and binary forms, with or without
   62:  * modification, are permitted provided that the following conditions
   63:  * are met:
   64:  *
   65:  * 1. Redistributions of source code must retain the above copyright
   66:  *    notice, this list of conditions and the following disclaimer. 
   67:  *
   68:  * 2. Redistributions in binary form must reproduce the above copyright
   69:  *    notice, this list of conditions and the following disclaimer in
   70:  *    the documentation and/or other materials provided with the
   71:  *    distribution.
   72:  *
   73:  * 3. All advertising materials mentioning features or use of this
   74:  *    software must display the following acknowledgment:
   75:  *    "This product includes software developed by the OpenSSL Project
   76:  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
   77:  *
   78:  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
   79:  *    endorse or promote products derived from this software without
   80:  *    prior written permission. For written permission, please contact
   81:  *    openssl-core@openssl.org.
   82:  *
   83:  * 5. Products derived from this software may not be called "OpenSSL"
   84:  *    nor may "OpenSSL" appear in their names without prior written
   85:  *    permission of the OpenSSL Project.
   86:  *
   87:  * 6. Redistributions of any form whatsoever must retain the following
   88:  *    acknowledgment:
   89:  *    "This product includes software developed by the OpenSSL Project
   90:  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
   91:  *
   92:  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
   93:  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   94:  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
   95:  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
   96:  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   97:  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
   98:  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
   99:  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  100:  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  101:  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  102:  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  103:  * OF THE POSSIBILITY OF SUCH DAMAGE.
  104:  * ====================================================================
  105:  *
  106:  * This product includes cryptographic software written by Eric Young
  107:  * (eay@cryptsoft.com).  This product includes software written by Tim
  108:  * Hudson (tjh@cryptsoft.com).
  109:  *
  110:  */
  111: 
  112: #include "ssl_locl.h"
  113: #ifndef OPENSSL_NO_SSL2
  114: #include <stdio.h>
  115: #include <openssl/bio.h>
  116: #include <openssl/rand.h>
  117: #include <openssl/objects.h>
  118: #include <openssl/evp.h>
  119: 
  120: static SSL_METHOD *ssl2_get_server_method(int ver);
  121: static int get_client_master_key(SSL *s);
  122: static int get_client_hello(SSL *s);
  123: static int server_hello(SSL *s); 
  124: static int get_client_finished(SSL *s);
  125: static int server_verify(SSL *s);
  126: static int server_finish(SSL *s);
  127: static int request_certificate(SSL *s);
  128: static int ssl_rsa_private_decrypt(CERT *c, int len, unsigned char *from,
  129:         unsigned char *to,int padding);
  130: #define BREAK   break
  131: 
  132: static SSL_METHOD *ssl2_get_server_method(int ver)
  133:         {
  134:         if (ver == SSL2_VERSION)
  135:                 return(SSLv2_server_method());
  136:         else
  137:                 return(NULL);
  138:         }
  139: 
  140: IMPLEMENT_ssl2_meth_func(SSLv2_server_method,
  141:                         ssl2_accept,
  142:                         ssl_undefined_function,
  143:                         ssl2_get_server_method)
  144: 
  145: int ssl2_accept(SSL *s)
  146:         {
  147:         unsigned long l=(unsigned long)time(NULL);
  148:         BUF_MEM *buf=NULL;
  149:         int ret= -1;
  150:         long num1;
  151:         void (*cb)(const SSL *ssl,int type,int val)=NULL;
  152:         int new_state,state;
  153: 
  154:         RAND_add(&l,sizeof(l),0);
  155:         ERR_clear_error();
  156:         clear_sys_error();
  157: 
  158:         if (s->info_callback != NULL)
  159:                 cb=s->info_callback;
  160:         else if (s->ctx->info_callback != NULL)
  161:                 cb=s->ctx->info_callback;
  162: 
  163:         /* init things to blank */
  164:         s->in_handshake++;
  165:         if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
  166: 
  167:         if (s->cert == NULL)
  168:                 {
  169:                 SSLerr(SSL_F_SSL2_ACCEPT,SSL_R_NO_CERTIFICATE_SET);
  170:                 return(-1);
  171:                 }
  172: 
  173:         clear_sys_error();
  174:         for (;;)
  175:                 {
  176:                 state=s->state;
  177: 
  178:                 switch (s->state)
  179:                         {
  180:                 case SSL_ST_BEFORE:
  181:                 case SSL_ST_ACCEPT:
  182:                 case SSL_ST_BEFORE|SSL_ST_ACCEPT:
  183:                 case SSL_ST_OK|SSL_ST_ACCEPT:
  184: 
  185:                         s->server=1;
  186:                         if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
  187: 
  188:                         s->version=SSL2_VERSION;
  189:                         s->type=SSL_ST_ACCEPT;
  190: 
  191:                         buf=s->init_buf;
  192:                         if ((buf == NULL) && ((buf=BUF_MEM_new()) == NULL))
  193:                                 { ret= -1; goto end; }
  194:                         if (!BUF_MEM_grow(buf,(int)
  195:                                 SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
  196:                                 { ret= -1; goto end; }
  197:                         s->init_buf=buf;
  198:                         s->init_num=0;
  199:                         s->ctx->stats.sess_accept++;
  200:                         s->handshake_func=ssl2_accept;
  201:                         s->state=SSL2_ST_GET_CLIENT_HELLO_A;
  202:                         BREAK;
  203: 
  204:                 case SSL2_ST_GET_CLIENT_HELLO_A:
  205:                 case SSL2_ST_GET_CLIENT_HELLO_B:
  206:                 case SSL2_ST_GET_CLIENT_HELLO_C:
  207:                         s->shutdown=0;
  208:                         ret=get_client_hello(s);
  209:                         if (ret <= 0) goto end;
  210:                         s->init_num=0;
  211:                         s->state=SSL2_ST_SEND_SERVER_HELLO_A;
  212:                         BREAK;
  213: 
  214:                 case SSL2_ST_SEND_SERVER_HELLO_A:
  215:                 case SSL2_ST_SEND_SERVER_HELLO_B:
  216:                         ret=server_hello(s);
  217:                         if (ret <= 0) goto end;
  218:                         s->init_num=0;
  219:                         if (!s->hit)
  220:                                 {
  221:                                 s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_A;
  222:                                 BREAK;
  223:                                 }
  224:                         else
  225:                                 {
  226:                                 s->state=SSL2_ST_SERVER_START_ENCRYPTION;
  227:                                 BREAK;
  228:                                 }
  229:                 case SSL2_ST_GET_CLIENT_MASTER_KEY_A:
  230:                 case SSL2_ST_GET_CLIENT_MASTER_KEY_B:
  231:                         ret=get_client_master_key(s);
  232:                         if (ret <= 0) goto end;
  233:                         s->init_num=0;
  234:                         s->state=SSL2_ST_SERVER_START_ENCRYPTION;
  235:                         BREAK;
  236: 
  237:                 case SSL2_ST_SERVER_START_ENCRYPTION:
  238:                         /* Ok we how have sent all the stuff needed to
  239:                          * start encrypting, the next packet back will
  240:                          * be encrypted. */
  241:                         if (!ssl2_enc_init(s,0))
  242:                                 { ret= -1; goto end; }
  243:                         s->s2->clear_text=0;
  244:                         s->state=SSL2_ST_SEND_SERVER_VERIFY_A;
  245:                         BREAK;
  246: 
  247:                 case SSL2_ST_SEND_SERVER_VERIFY_A:
  248:                 case SSL2_ST_SEND_SERVER_VERIFY_B:
  249:                         ret=server_verify(s);
  250:                         if (ret <= 0) goto end;
  251:                         s->init_num=0;
  252:                         if (s->hit)
  253:                                 {
  254:                                 /* If we are in here, we have been
  255:                                  * buffering the output, so we need to
  256:                                  * flush it and remove buffering from
  257:                                  * future traffic */
  258:                                 s->state=SSL2_ST_SEND_SERVER_VERIFY_C;
  259:                                 BREAK;
  260:                                 }
  261:                         else
  262:                                 {
  263:                                 s->state=SSL2_ST_GET_CLIENT_FINISHED_A;
  264:                                 break;
  265:                                 }
  266: 
  267:                 case SSL2_ST_SEND_SERVER_VERIFY_C:
  268:                         /* get the number of bytes to write */
  269:                         num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL);
  270:                         if (num1 != 0)
  271:                                 {
  272:                                 s->rwstate=SSL_WRITING;
  273:                                 num1=BIO_flush(s->wbio);
  274:                                 if (num1 <= 0) { ret= -1; goto end; }
  275:                                 s->rwstate=SSL_NOTHING;
  276:                                 }
  277: 
  278:                         /* flushed and now remove buffering */
  279:                         s->wbio=BIO_pop(s->wbio);
  280: 
  281:                         s->state=SSL2_ST_GET_CLIENT_FINISHED_A;
  282:                         BREAK;
  283: 
  284:                 case SSL2_ST_GET_CLIENT_FINISHED_A:
  285:                 case SSL2_ST_GET_CLIENT_FINISHED_B:
  286:                         ret=get_client_finished(s);
  287:                         if (ret <= 0)
  288:                                 goto end;
  289:                         s->init_num=0;
  290:                         s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_A;
  291:                         BREAK;
  292: 
  293:                 case SSL2_ST_SEND_REQUEST_CERTIFICATE_A:
  294:                 case SSL2_ST_SEND_REQUEST_CERTIFICATE_B:
  295:                 case SSL2_ST_SEND_REQUEST_CERTIFICATE_C:
  296:                 case SSL2_ST_SEND_REQUEST_CERTIFICATE_D:
  297:                         /* don't do a 'request certificate' if we
  298:                          * don't want to, or we already have one, and
  299:                          * we only want to do it once. */
  300:                         if (!(s->verify_mode & SSL_VERIFY_PEER) ||
  301:                                 ((s->session->peer != NULL) &&
  302:                                 (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)))
  303:                                 {
  304:                                 s->state=SSL2_ST_SEND_SERVER_FINISHED_A;
  305:                                 break;
  306:                                 }
  307:                         else
  308:                                 {
  309:                                 ret=request_certificate(s);
  310:                                 if (ret <= 0) goto end;
  311:                                 s->init_num=0;
  312:                                 s->state=SSL2_ST_SEND_SERVER_FINISHED_A;
  313:                                 }
  314:                         BREAK;
  315: 
  316:                 case SSL2_ST_SEND_SERVER_FINISHED_A:
  317:                 case SSL2_ST_SEND_SERVER_FINISHED_B:
  318:                         ret=server_finish(s);
  319:                         if (ret <= 0) goto end;
  320:                         s->init_num=0;
  321:                         s->state=SSL_ST_OK;
  322:                         break;
  323: 
  324:                 case SSL_ST_OK:
  325:                         BUF_MEM_free(s->init_buf);
  326:                         ssl_free_wbio_buffer(s);
  327:                         s->init_buf=NULL;
  328:                         s->init_num=0;
  329:                 /*    ERR_clear_error();*/
  330: 
  331:                         ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
  332: 
  333:                         s->ctx->stats.sess_accept_good++;
  334:                         /* s->server=1; */
  335:                         ret=1;
  336: 
  337:                         if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
  338: 
  339:                         goto end;
  340:                         /* BREAK; */
  341: 
  342:                 default:
  343:                         SSLerr(SSL_F_SSL2_ACCEPT,SSL_R_UNKNOWN_STATE);
  344:                         ret= -1;
  345:                         goto end;
  346:                         /* BREAK; */
  347:                         }
  348:                 
  349:                 if ((cb != NULL) && (s->state != state))
  350:                         {
  351:                         new_state=s->state;
  352:                         s->state=state;
  353:                         cb(s,SSL_CB_ACCEPT_LOOP,1);
  354:                         s->state=new_state;
  355:                         }
  356:                 }
  357: end:
  358:         s->in_handshake--;
  359:         if (cb != NULL)
  360:                 cb(s,SSL_CB_ACCEPT_EXIT,ret);
  361:         return(ret);
  362:         }
  363: 
  364: static int get_client_master_key(SSL *s)
  365:         {
  366:         int is_export,i,n,keya,ek;
  367:         unsigned long len;
  368:         unsigned char *p;
  369:         SSL_CIPHER *cp;
  370:         const EVP_CIPHER *c;
  371:         const EVP_MD *md;
  372: 
  373:         p=(unsigned char *)s->init_buf->data;
  374:         if (s->state == SSL2_ST_GET_CLIENT_MASTER_KEY_A)
  375:                 {
  376:                 i=ssl2_read(s,(char *)&(p[s->init_num]),10-s->init_num);
  377: 
  378:                 if (i < (10-s->init_num))
  379:                         return(ssl2_part_read(s,SSL_F_GET_CLIENT_MASTER_KEY,i));
  380:                 s->init_num = 10;
  381: 
  382:                 if (*(p++) != SSL2_MT_CLIENT_MASTER_KEY)
  383:                         {
  384:                         if (p[-1] != SSL2_MT_ERROR)
  385:                                 {
  386:                                 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
  387:                                 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_READ_WRONG_PACKET_TYPE);
  388:                                 }
  389:                         else
  390:                                 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_PEER_ERROR);
  391:                         return(-1);
  392:                         }
  393: 
  394:                 cp=ssl2_get_cipher_by_char(p);
  395:                 if (cp == NULL)
  396:                         {
  397:                         ssl2_return_error(s,SSL2_PE_NO_CIPHER);
  398:                         SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_NO_CIPHER_MATCH);
  399:                         return(-1);
  400:                         }
  401:                 s->session->cipher= cp;
  402: 
  403:                 p+=3;
  404:                 n2s(p,i); s->s2->tmp.clear=i;
  405:                 n2s(p,i); s->s2->tmp.enc=i;
  406:                 n2s(p,i); s->session->key_arg_length=i;
  407:                 if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH)
  408:                         {
  409:                         ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
  410:                         SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_KEY_ARG_TOO_LONG);
  411:                         return -1;
  412:                         }
  413:                 s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B;
  414:                 }
  415: 
  416:         /* SSL2_ST_GET_CLIENT_MASTER_KEY_B */
  417:         p=(unsigned char *)s->init_buf->data;
  418:         if (s->init_buf->length < SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
  419:                 {
  420:                 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
  421:                 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
  422:                 return -1;
  423:                 }
  424:         keya=s->session->key_arg_length;
  425:         len = 10 + (unsigned long)s->s2->tmp.clear + (unsigned long)s->s2->tmp.enc + (unsigned long)keya;
  426:         if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
  427:                 {
  428:                 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
  429:                 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_MESSAGE_TOO_LONG);
  430:                 return -1;
  431:                 }
  432:         n = (int)len - s->init_num;
  433:         i = ssl2_read(s,(char *)&(p[s->init_num]),n);
  434:         if (i != n) return(ssl2_part_read(s,SSL_F_GET_CLIENT_MASTER_KEY,i));
  435:         if (s->msg_callback)
  436:                 s->msg_callback(0, s->version, 0, p, (size_t)len, s, s->msg_callback_arg); /* CLIENT-MASTER-KEY */
  437:         p += 10;
  438: 
  439:         memcpy(s->session->key_arg,&(p[s->s2->tmp.clear+s->s2->tmp.enc]),
  440:                 (unsigned int)keya);
  441: 
  442:         if (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL)
  443:                 {
  444:                 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
  445:                 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_NO_PRIVATEKEY);
  446:                 return(-1);
  447:                 }
  448:         i=ssl_rsa_private_decrypt(s->cert,s->s2->tmp.enc,
  449:                 &(p[s->s2->tmp.clear]),&(p[s->s2->tmp.clear]),
  450:                 (s->s2->ssl2_rollback)?RSA_SSLV23_PADDING:RSA_PKCS1_PADDING);
  451: 
  452:         is_export=SSL_C_IS_EXPORT(s->session->cipher);
  453:         
  454:         if (!ssl_cipher_get_evp(s->session,&c,&md,NULL))
  455:                 {
  456:                 ssl2_return_error(s,SSL2_PE_NO_CIPHER);
  457:                 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);
  458:                 return(0);
  459:                 }
  460: 
  461:         if (s->session->cipher->algorithm2 & SSL2_CF_8_BYTE_ENC)
  462:                 {
  463:                 is_export=1;
  464:                 ek=8;
  465:                 }
  466:         else
  467:                 ek=5;
  468: 
  469:         /* bad decrypt */
  470: #if 1
  471:         /* If a bad decrypt, continue with protocol but with a
  472:          * random master secret (Bleichenbacher attack) */
  473:         if ((i < 0) ||
  474:                 ((!is_export && (i != EVP_CIPHER_key_length(c)))
  475:                 || (is_export && ((i != ek) || (s->s2->tmp.clear+(unsigned int)i !=
  476:                         (unsigned int)EVP_CIPHER_key_length(c))))))
  477:                 {
  478:                 ERR_clear_error();
  479:                 if (is_export)
  480:                         i=ek;
  481:                 else
  482:                         i=EVP_CIPHER_key_length(c);
  483:                 if (RAND_pseudo_bytes(p,i) <= 0)
  484:                         return 0;
  485:                 }
  486: #else
  487:         if (i < 0)
  488:                 {
  489:                 error=1;
  490:                 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_BAD_RSA_DECRYPT);
  491:                 }
  492:         /* incorrect number of key bytes for non export cipher */
  493:         else if ((!is_export && (i != EVP_CIPHER_key_length(c)))
  494:                 || (is_export && ((i != ek) || (s->s2->tmp.clear+i !=
  495:                         EVP_CIPHER_key_length(c)))))
  496:                 {
  497:                 error=1;
  498:                 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_WRONG_NUMBER_OF_KEY_BITS);
  499:                 }
  500:         if (error)
  501:                 {
  502:                 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
  503:                 return(-1);
  504:                 }
  505: #endif
  506: 
  507:         if (is_export) i+=s->s2->tmp.clear;
  508: 
  509:         if (i > SSL_MAX_MASTER_KEY_LENGTH)
  510:                 {
  511:                 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
  512:                 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
  513:                 return -1;
  514:                 }
  515:         s->session->master_key_length=i;
  516:         memcpy(s->session->master_key,p,(unsigned int)i);
  517:         return(1);
  518:         }
  519: 
  520: static int get_client_hello(SSL *s)
  521:         {
  522:         int i,n;
  523:         unsigned long len;
  524:         unsigned char *p;
  525:         STACK_OF(SSL_CIPHER) *cs; /* a stack of SSL_CIPHERS */
  526:         STACK_OF(SSL_CIPHER) *cl; /* the ones we want to use */
  527:         STACK_OF(SSL_CIPHER) *prio, *allow;
  528:         int z;
  529: 
  530:         /* This is a bit of a hack to check for the correct packet
  531:          * type the first time round. */
  532:         if (s->state == SSL2_ST_GET_CLIENT_HELLO_A)
  533:                 {
  534:                 s->first_packet=1;
  535:                 s->state=SSL2_ST_GET_CLIENT_HELLO_B;
  536:                 }
  537: 
  538:         p=(unsigned char *)s->init_buf->data;
  539:         if (s->state == SSL2_ST_GET_CLIENT_HELLO_B)
  540:                 {
  541:                 i=ssl2_read(s,(char *)&(p[s->init_num]),9-s->init_num);
  542:                 if (i < (9-s->init_num)) 
  543:                         return(ssl2_part_read(s,SSL_F_GET_CLIENT_HELLO,i));
  544:                 s->init_num = 9;
  545:         
  546:                 if (*(p++) != SSL2_MT_CLIENT_HELLO)
  547:                         {</