OLD | NEW |
1 /* ssl/s23_clnt.c */ | 1 /* ssl/s23_clnt.c */ |
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
3 * All rights reserved. | 3 * All rights reserved. |
4 * | 4 * |
5 * This package is an SSL implementation written | 5 * This package is an SSL implementation written |
6 * by Eric Young (eay@cryptsoft.com). | 6 * by Eric Young (eay@cryptsoft.com). |
7 * The implementation was written so as to conform with Netscapes SSL. | 7 * The implementation was written so as to conform with Netscapes SSL. |
8 * | 8 * |
9 * This library is free for commercial and non-commercial use as long as | 9 * This library is free for commercial and non-commercial use as long as |
10 * the following conditions are aheared to. The following conditions | 10 * the following conditions are aheared to. The following conditions |
(...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
51 * SUCH DAMAGE. | 51 * SUCH DAMAGE. |
52 * | 52 * |
53 * The licence and distribution terms for any publically available version or | 53 * The licence and distribution terms for any publically available version or |
54 * derivative of this code cannot be changed. i.e. this code cannot simply be | 54 * derivative of this code cannot be changed. i.e. this code cannot simply be |
55 * copied and put under another distribution licence | 55 * copied and put under another distribution licence |
56 * [including the GNU Public Licence.] | 56 * [including the GNU Public Licence.] |
57 */ | 57 */ |
| 58 /* ==================================================================== |
| 59 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. |
| 60 * |
| 61 * Redistribution and use in source and binary forms, with or without |
| 62 * modification, are permitted provided that the following conditions |
| 63 * are met: |
| 64 * |
| 65 * 1. Redistributions of source code must retain the above copyright |
| 66 * notice, this list of conditions and the following disclaimer. |
| 67 * |
| 68 * 2. Redistributions in binary form must reproduce the above copyright |
| 69 * notice, this list of conditions and the following disclaimer in |
| 70 * the documentation and/or other materials provided with the |
| 71 * distribution. |
| 72 * |
| 73 * 3. All advertising materials mentioning features or use of this |
| 74 * software must display the following acknowledgment: |
| 75 * "This product includes software developed by the OpenSSL Project |
| 76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" |
| 77 * |
| 78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
| 79 * endorse or promote products derived from this software without |
| 80 * prior written permission. For written permission, please contact |
| 81 * openssl-core@openssl.org. |
| 82 * |
| 83 * 5. Products derived from this software may not be called "OpenSSL" |
| 84 * nor may "OpenSSL" appear in their names without prior written |
| 85 * permission of the OpenSSL Project. |
| 86 * |
| 87 * 6. Redistributions of any form whatsoever must retain the following |
| 88 * acknowledgment: |
| 89 * "This product includes software developed by the OpenSSL Project |
| 90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)" |
| 91 * |
| 92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
| 93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| 94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
| 95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
| 96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
| 97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
| 98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
| 99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
| 100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
| 101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
| 102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
| 103 * OF THE POSSIBILITY OF SUCH DAMAGE. |
| 104 * ==================================================================== |
| 105 * |
| 106 * This product includes cryptographic software written by Eric Young |
| 107 * (eay@cryptsoft.com). This product includes software written by Tim |
| 108 * Hudson (tjh@cryptsoft.com). |
| 109 * |
| 110 */ |
58 | 111 |
59 #include <stdio.h> | 112 #include <stdio.h> |
60 #include "ssl_locl.h" | 113 #include "ssl_locl.h" |
61 #include <openssl/buffer.h> | 114 #include <openssl/buffer.h> |
62 #include <openssl/rand.h> | 115 #include <openssl/rand.h> |
63 #include <openssl/objects.h> | 116 #include <openssl/objects.h> |
64 #include <openssl/evp.h> | 117 #include <openssl/evp.h> |
65 | 118 |
66 static SSL_METHOD *ssl23_get_client_method(int ver); | 119 static const SSL_METHOD *ssl23_get_client_method(int ver); |
67 static int ssl23_client_hello(SSL *s); | 120 static int ssl23_client_hello(SSL *s); |
68 static int ssl23_get_server_hello(SSL *s); | 121 static int ssl23_get_server_hello(SSL *s); |
69 static SSL_METHOD *ssl23_get_client_method(int ver) | 122 static const SSL_METHOD *ssl23_get_client_method(int ver) |
70 { | 123 { |
71 #ifndef OPENSSL_NO_SSL2 | 124 #ifndef OPENSSL_NO_SSL2 |
72 if (ver == SSL2_VERSION) | 125 if (ver == SSL2_VERSION) |
73 return(SSLv2_client_method()); | 126 return(SSLv2_client_method()); |
74 #endif | 127 #endif |
75 if (ver == SSL3_VERSION) | 128 if (ver == SSL3_VERSION) |
76 return(SSLv3_client_method()); | 129 return(SSLv3_client_method()); |
77 else if (ver == TLS1_VERSION) | 130 else if (ver == TLS1_VERSION) |
78 return(TLSv1_client_method()); | 131 return(TLSv1_client_method()); |
79 else | 132 else |
(...skipping 110 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
190 } | 243 } |
191 end: | 244 end: |
192 s->in_handshake--; | 245 s->in_handshake--; |
193 if (buf != NULL) | 246 if (buf != NULL) |
194 BUF_MEM_free(buf); | 247 BUF_MEM_free(buf); |
195 if (cb != NULL) | 248 if (cb != NULL) |
196 cb(s,SSL_CB_CONNECT_EXIT,ret); | 249 cb(s,SSL_CB_CONNECT_EXIT,ret); |
197 return(ret); | 250 return(ret); |
198 } | 251 } |
199 | 252 |
| 253 static int ssl23_no_ssl2_ciphers(SSL *s) |
| 254 { |
| 255 SSL_CIPHER *cipher; |
| 256 STACK_OF(SSL_CIPHER) *ciphers; |
| 257 int i; |
| 258 ciphers = SSL_get_ciphers(s); |
| 259 for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) |
| 260 { |
| 261 cipher = sk_SSL_CIPHER_value(ciphers, i); |
| 262 if (cipher->algorithm_ssl == SSL_SSLV2) |
| 263 return 0; |
| 264 } |
| 265 return 1; |
| 266 } |
200 | 267 |
201 static int ssl23_client_hello(SSL *s) | 268 static int ssl23_client_hello(SSL *s) |
202 { | 269 { |
203 unsigned char *buf; | 270 unsigned char *buf; |
204 unsigned char *p,*d; | 271 unsigned char *p,*d; |
205 int i,ch_len; | 272 int i,ch_len; |
206 unsigned long Time,l; | 273 unsigned long Time,l; |
207 int ssl2_compat; | 274 int ssl2_compat; |
208 int version = 0, version_major, version_minor; | 275 int version = 0, version_major, version_minor; |
209 #ifndef OPENSSL_NO_COMP | 276 #ifndef OPENSSL_NO_COMP |
210 int j; | 277 int j; |
211 SSL_COMP *comp; | 278 SSL_COMP *comp; |
212 #endif | 279 #endif |
213 int ret; | 280 int ret; |
214 | 281 |
215 ssl2_compat = (s->options & SSL_OP_NO_SSLv2) ? 0 : 1; | 282 ssl2_compat = (s->options & SSL_OP_NO_SSLv2) ? 0 : 1; |
216 | 283 |
| 284 if (ssl2_compat && ssl23_no_ssl2_ciphers(s)) |
| 285 ssl2_compat = 0; |
| 286 |
217 if (!(s->options & SSL_OP_NO_TLSv1)) | 287 if (!(s->options & SSL_OP_NO_TLSv1)) |
218 { | 288 { |
219 version = TLS1_VERSION; | 289 version = TLS1_VERSION; |
220 } | 290 } |
221 else if (!(s->options & SSL_OP_NO_SSLv3)) | 291 else if (!(s->options & SSL_OP_NO_SSLv3)) |
222 { | 292 { |
223 version = SSL3_VERSION; | 293 version = SSL3_VERSION; |
224 } | 294 } |
225 else if (!(s->options & SSL_OP_NO_SSLv2)) | 295 else if (!(s->options & SSL_OP_NO_SSLv2)) |
226 { | 296 { |
227 version = SSL2_VERSION; | 297 version = SSL2_VERSION; |
228 } | 298 } |
229 #ifndef OPENSSL_NO_TLSEXT | 299 #ifndef OPENSSL_NO_TLSEXT |
230 if (version != SSL2_VERSION) | 300 if (version != SSL2_VERSION) |
231 { | 301 { |
232 /* have to disable SSL 2.0 compatibility if we need TLS extensio
ns */ | 302 /* have to disable SSL 2.0 compatibility if we need TLS extensio
ns */ |
233 | 303 |
234 if (s->tlsext_hostname != NULL) | 304 if (s->tlsext_hostname != NULL) |
235 ssl2_compat = 0; | 305 ssl2_compat = 0; |
236 if (s->tlsext_status_type != -1) | 306 if (s->tlsext_status_type != -1) |
237 ssl2_compat = 0; | 307 ssl2_compat = 0; |
| 308 #ifdef TLSEXT_TYPE_opaque_prf_input |
| 309 if (s->ctx->tlsext_opaque_prf_input_callback != 0 || s->tlsext_o
paque_prf_input != NULL) |
| 310 ssl2_compat = 0; |
| 311 #endif |
238 } | 312 } |
239 #endif | 313 #endif |
240 | 314 |
241 buf=(unsigned char *)s->init_buf->data; | 315 buf=(unsigned char *)s->init_buf->data; |
242 if (s->state == SSL23_ST_CW_CLNT_HELLO_A) | 316 if (s->state == SSL23_ST_CW_CLNT_HELLO_A) |
243 { | 317 { |
244 #if 0 | 318 #if 0 |
245 /* don't reuse session-id's */ | 319 /* don't reuse session-id's */ |
246 if (!ssl_get_new_session(s,0)) | 320 if (!ssl_get_new_session(s,0)) |
247 { | 321 { |
248 return(-1); | 322 return(-1); |
249 } | 323 } |
250 #endif | 324 #endif |
251 | 325 |
252 p=s->s3->client_random; | 326 p=s->s3->client_random; |
253 Time=(unsigned long)time(NULL); /* Time */ | 327 Time=(unsigned long)time(NULL); /* Time */ |
254 l2n(Time,p); | 328 l2n(Time,p); |
255 if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0) | 329 if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0) |
256 return -1; | 330 return -1; |
257 | 331 |
258 if (version == TLS1_VERSION) | 332 if (version == TLS1_VERSION) |
259 { | 333 { |
260 version_major = TLS1_VERSION_MAJOR; | 334 version_major = TLS1_VERSION_MAJOR; |
261 version_minor = TLS1_VERSION_MINOR; | 335 version_minor = TLS1_VERSION_MINOR; |
262 } | 336 } |
263 #ifdef OPENSSL_FIPS | |
264 else if(FIPS_mode()) | |
265 { | |
266 SSLerr(SSL_F_SSL23_CLIENT_HELLO, | |
267 SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); | |
268 return -1; | |
269 } | |
270 #endif | |
271 else if (version == SSL3_VERSION) | 337 else if (version == SSL3_VERSION) |
272 { | 338 { |
273 version_major = SSL3_VERSION_MAJOR; | 339 version_major = SSL3_VERSION_MAJOR; |
274 version_minor = SSL3_VERSION_MINOR; | 340 version_minor = SSL3_VERSION_MINOR; |
275 } | 341 } |
276 else if (version == SSL2_VERSION) | 342 else if (version == SSL2_VERSION) |
277 { | 343 { |
278 version_major = SSL2_VERSION_MAJOR; | 344 version_major = SSL2_VERSION_MAJOR; |
279 version_minor = SSL2_VERSION_MINOR; | 345 version_minor = SSL2_VERSION_MINOR; |
280 } | 346 } |
(...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
314 s->session->session_id_length=0; | 380 s->session->session_id_length=0; |
315 #endif | 381 #endif |
316 s2n(0,d); | 382 s2n(0,d); |
317 | 383 |
318 if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG) | 384 if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG) |
319 ch_len=SSL2_CHALLENGE_LENGTH; | 385 ch_len=SSL2_CHALLENGE_LENGTH; |
320 else | 386 else |
321 ch_len=SSL2_MAX_CHALLENGE_LENGTH; | 387 ch_len=SSL2_MAX_CHALLENGE_LENGTH; |
322 | 388 |
323 /* write out sslv2 challenge */ | 389 /* write out sslv2 challenge */ |
| 390 /* Note that ch_len must be <= SSL3_RANDOM_SIZE (32), |
| 391 because it is one of SSL2_MAX_CHALLENGE_LENGTH (32) |
| 392 or SSL2_MAX_CHALLENGE_LENGTH (16), but leave the |
| 393 check in for futurproofing */ |
324 if (SSL3_RANDOM_SIZE < ch_len) | 394 if (SSL3_RANDOM_SIZE < ch_len) |
325 i=SSL3_RANDOM_SIZE; | 395 i=SSL3_RANDOM_SIZE; |
326 else | 396 else |
327 i=ch_len; | 397 i=ch_len; |
328 s2n(i,d); | 398 s2n(i,d); |
329 memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE); | 399 memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE); |
330 if (RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM
_SIZE-i]),i) <= 0) | 400 if (RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM
_SIZE-i]),i) <= 0) |
331 return -1; | 401 return -1; |
332 | 402 |
333 memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i); | 403 memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i); |
(...skipping 28 matching lines...) Expand all Loading... |
362 | 432 |
363 /* Ciphers supported (using SSL 3.0/TLS 1.0 format) */ | 433 /* Ciphers supported (using SSL 3.0/TLS 1.0 format) */ |
364 i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),
ssl3_put_cipher_by_char); | 434 i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),
ssl3_put_cipher_by_char); |
365 if (i == 0) | 435 if (i == 0) |
366 { | 436 { |
367 SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS
_AVAILABLE); | 437 SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS
_AVAILABLE); |
368 return -1; | 438 return -1; |
369 } | 439 } |
370 s2n(i,p); | 440 s2n(i,p); |
371 p+=i; | 441 p+=i; |
| 442 |
| 443 /* COMPRESSION */ |
372 #ifdef OPENSSL_NO_COMP | 444 #ifdef OPENSSL_NO_COMP |
373 *(p++)=1; | 445 *(p++)=1; |
374 #else | 446 #else |
375 » » » /* COMPRESSION */ | 447 » » » if ((s->options & SSL_OP_NO_COMPRESSION) |
376 » » » if (s->ctx->comp_methods == NULL) | 448 » » » » » » || !s->ctx->comp_methods) |
377 j=0; | 449 j=0; |
378 else | 450 else |
379 j=sk_SSL_COMP_num(s->ctx->comp_methods); | 451 j=sk_SSL_COMP_num(s->ctx->comp_methods); |
380 *(p++)=1+j; | 452 *(p++)=1+j; |
381 for (i=0; i<j; i++) | 453 for (i=0; i<j; i++) |
382 { | 454 { |
383 comp=sk_SSL_COMP_value(s->ctx->comp_methods,i); | 455 comp=sk_SSL_COMP_value(s->ctx->comp_methods,i); |
384 *(p++)=comp->id; | 456 *(p++)=comp->id; |
385 } | 457 } |
386 #endif | 458 #endif |
387 *(p++)=0; /* Add the NULL method */ | 459 *(p++)=0; /* Add the NULL method */ |
| 460 |
388 #ifndef OPENSSL_NO_TLSEXT | 461 #ifndef OPENSSL_NO_TLSEXT |
| 462 /* TLS extensions*/ |
| 463 if (ssl_prepare_clienthello_tlsext(s) <= 0) |
| 464 { |
| 465 SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_CLIENTHELL
O_TLSEXT); |
| 466 return -1; |
| 467 } |
389 if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MA
X_PLAIN_LENGTH)) == NULL) | 468 if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MA
X_PLAIN_LENGTH)) == NULL) |
390 { | 469 { |
391 SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_E
RROR); | 470 SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_E
RROR); |
392 return -1; | 471 return -1; |
393 } | 472 } |
394 #endif | 473 #endif |
395 | 474 |
396 l = p-d; | 475 l = p-d; |
397 *p = 42; | |
398 | 476 |
399 /* fill in 4-byte handshake header */ | 477 /* fill in 4-byte handshake header */ |
400 d=&(buf[5]); | 478 d=&(buf[5]); |
401 *(d++)=SSL3_MT_CLIENT_HELLO; | 479 *(d++)=SSL3_MT_CLIENT_HELLO; |
402 l2n3(l,d); | 480 l2n3(l,d); |
403 | 481 |
404 l += 4; | 482 l += 4; |
405 | 483 |
406 if (l > SSL3_RT_MAX_PLAIN_LENGTH) | 484 if (l > SSL3_RT_MAX_PLAIN_LENGTH) |
407 { | 485 { |
(...skipping 74 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
482 } | 560 } |
483 else | 561 else |
484 ssl2_clear(s); | 562 ssl2_clear(s); |
485 | 563 |
486 if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG) | 564 if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG) |
487 ch_len=SSL2_CHALLENGE_LENGTH; | 565 ch_len=SSL2_CHALLENGE_LENGTH; |
488 else | 566 else |
489 ch_len=SSL2_MAX_CHALLENGE_LENGTH; | 567 ch_len=SSL2_MAX_CHALLENGE_LENGTH; |
490 | 568 |
491 /* write out sslv2 challenge */ | 569 /* write out sslv2 challenge */ |
| 570 /* Note that ch_len must be <= SSL3_RANDOM_SIZE (32), because |
| 571 it is one of SSL2_MAX_CHALLENGE_LENGTH (32) or |
| 572 SSL2_MAX_CHALLENGE_LENGTH (16), but leave the check in for |
| 573 futurproofing */ |
492 i=(SSL3_RANDOM_SIZE < ch_len) | 574 i=(SSL3_RANDOM_SIZE < ch_len) |
493 ?SSL3_RANDOM_SIZE:ch_len; | 575 ?SSL3_RANDOM_SIZE:ch_len; |
494 s->s2->challenge_length=i; | 576 s->s2->challenge_length=i; |
495 memcpy(s->s2->challenge, | 577 memcpy(s->s2->challenge, |
496 &(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i); | 578 &(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i); |
497 | 579 |
498 if (s->s3 != NULL) ssl3_free(s); | 580 if (s->s3 != NULL) ssl3_free(s); |
499 | 581 |
500 if (!BUF_MEM_grow_clean(s->init_buf, | 582 if (!BUF_MEM_grow_clean(s->init_buf, |
501 SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)) | 583 SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)) |
502 { | 584 { |
503 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,ERR_R_BUF_LIB); | 585 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,ERR_R_BUF_LIB); |
504 goto err; | 586 goto err; |
505 } | 587 } |
506 | 588 |
507 s->state=SSL2_ST_GET_SERVER_HELLO_A; | 589 s->state=SSL2_ST_GET_SERVER_HELLO_A; |
508 if (!(s->client_version == SSL2_VERSION)) | 590 if (!(s->client_version == SSL2_VERSION)) |
509 /* use special padding (SSL 3.0 draft/RFC 2246, App. E.2
) */ | 591 /* use special padding (SSL 3.0 draft/RFC 2246, App. E.2
) */ |
510 s->s2->ssl2_rollback=1; | 592 s->s2->ssl2_rollback=1; |
511 | 593 |
512 » » /* setup the 5 bytes we have read so we get them from | 594 » » /* setup the 7 bytes we have read so we get them from |
513 * the sslv2 buffer */ | 595 * the sslv2 buffer */ |
514 s->rstate=SSL_ST_READ_HEADER; | 596 s->rstate=SSL_ST_READ_HEADER; |
515 s->packet_length=n; | 597 s->packet_length=n; |
516 s->packet= &(s->s2->rbuf[0]); | 598 s->packet= &(s->s2->rbuf[0]); |
517 memcpy(s->packet,buf,n); | 599 memcpy(s->packet,buf,n); |
518 s->s2->rbuf_left=n; | 600 s->s2->rbuf_left=n; |
519 s->s2->rbuf_offs=0; | 601 s->s2->rbuf_offs=0; |
520 | 602 |
521 /* we have already written one */ | 603 /* we have already written one */ |
522 s->s2->write_sequence=1; | 604 s->s2->write_sequence=1; |
523 | 605 |
524 s->method=SSLv2_client_method(); | 606 s->method=SSLv2_client_method(); |
525 s->handshake_func=s->method->ssl_connect; | 607 s->handshake_func=s->method->ssl_connect; |
526 #endif | 608 #endif |
527 } | 609 } |
528 » else if ((p[0] == SSL3_RT_HANDSHAKE) && | 610 » else if (p[1] == SSL3_VERSION_MAJOR && |
529 » » (p[1] == SSL3_VERSION_MAJOR) && | 611 » (p[2] == SSL3_VERSION_MINOR || p[2] == TLS1_VERSION_MINOR) && |
530 » » ((p[2] == SSL3_VERSION_MINOR) || | 612 » ((p[0] == SSL3_RT_HANDSHAKE && p[5] == SSL3_MT_SERVER_HELLO) || |
531 » » (p[2] == TLS1_VERSION_MINOR)) && | 613 » (p[0] == SSL3_RT_ALERT && p[3] == 0 && p[4] == 2))) |
532 » » (p[5] == SSL3_MT_SERVER_HELLO)) | |
533 { | 614 { |
534 » » /* we have sslv3 or tls1 */ | 615 » » /* we have sslv3 or tls1 (server hello or alert) */ |
535 | |
536 » » if (!ssl_init_wbio_buffer(s,1)) goto err; | |
537 | |
538 » » /* we are in this state */ | |
539 » » s->state=SSL3_ST_CR_SRVR_HELLO_A; | |
540 | |
541 » » /* put the 5 bytes we have read into the input buffer | |
542 » » * for SSLv3 */ | |
543 » » s->rstate=SSL_ST_READ_HEADER; | |
544 » » s->packet_length=n; | |
545 » » s->packet= &(s->s3->rbuf.buf[0]); | |
546 » » memcpy(s->packet,buf,n); | |
547 » » s->s3->rbuf.left=n; | |
548 » » s->s3->rbuf.offset=0; | |
549 | 616 |
550 if ((p[2] == SSL3_VERSION_MINOR) && | 617 if ((p[2] == SSL3_VERSION_MINOR) && |
551 !(s->options & SSL_OP_NO_SSLv3)) | 618 !(s->options & SSL_OP_NO_SSLv3)) |
552 { | 619 { |
553 #ifdef OPENSSL_FIPS | |
554 if(FIPS_mode()) | |
555 { | |
556 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, | |
557 SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); | |
558 goto err; | |
559 } | |
560 #endif | |
561 s->version=SSL3_VERSION; | 620 s->version=SSL3_VERSION; |
562 s->method=SSLv3_client_method(); | 621 s->method=SSLv3_client_method(); |
563 } | 622 } |
564 else if ((p[2] == TLS1_VERSION_MINOR) && | 623 else if ((p[2] == TLS1_VERSION_MINOR) && |
565 !(s->options & SSL_OP_NO_TLSv1)) | 624 !(s->options & SSL_OP_NO_TLSv1)) |
566 { | 625 { |
567 s->version=TLS1_VERSION; | 626 s->version=TLS1_VERSION; |
568 s->method=TLSv1_client_method(); | 627 s->method=TLSv1_client_method(); |
569 } | 628 } |
570 else | 629 else |
571 { | 630 { |
572 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PR
OTOCOL); | 631 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PR
OTOCOL); |
573 goto err; | 632 goto err; |
574 } | 633 } |
| 634 |
| 635 if (p[0] == SSL3_RT_ALERT && p[5] != SSL3_AL_WARNING) |
| 636 { |
| 637 /* fatal alert */ |
| 638 |
| 639 void (*cb)(const SSL *ssl,int type,int val)=NULL; |
| 640 int j; |
| 641 |
| 642 if (s->info_callback != NULL) |
| 643 cb=s->info_callback; |
| 644 else if (s->ctx->info_callback != NULL) |
| 645 cb=s->ctx->info_callback; |
| 646 |
| 647 i=p[5]; |
| 648 if (cb != NULL) |
| 649 { |
| 650 j=(i<<8)|p[6]; |
| 651 cb(s,SSL_CB_READ_ALERT,j); |
| 652 } |
575 | 653 |
576 » » s->handshake_func=s->method->ssl_connect; | 654 » » » if (s->msg_callback) |
577 » » } | 655 » » » » s->msg_callback(0, s->version, SSL3_RT_ALERT, p+
5, 2, s, s->msg_callback_arg); |
578 » else if ((p[0] == SSL3_RT_ALERT) && | |
579 » » (p[1] == SSL3_VERSION_MAJOR) && | |
580 » » ((p[2] == SSL3_VERSION_MINOR) || | |
581 » » (p[2] == TLS1_VERSION_MINOR)) && | |
582 » » (p[3] == 0) && | |
583 » » (p[4] == 2)) | |
584 » » { | |
585 » » void (*cb)(const SSL *ssl,int type,int val)=NULL; | |
586 » » int j; | |
587 | 656 |
588 » » /* An alert */ | 657 » » » s->rwstate=SSL_NOTHING; |
589 » » if (s->info_callback != NULL) | 658 » » » SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_AD_REASON_OFFSET
+p[6]); |
590 » » » cb=s->info_callback; | 659 » » » goto err; |
591 » » else if (s->ctx->info_callback != NULL) | |
592 » » » cb=s->ctx->info_callback; | |
593 | |
594 » » i=p[5]; | |
595 » » if (cb != NULL) | |
596 » » » { | |
597 » » » j=(i<<8)|p[6]; | |
598 » » » cb(s,SSL_CB_READ_ALERT,j); | |
599 } | 660 } |
600 | 661 |
601 » » s->rwstate=SSL_NOTHING; | 662 » » if (!ssl_init_wbio_buffer(s,1)) goto err; |
602 » » SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_AD_REASON_OFFSET+p[6]); | 663 |
603 » » goto err; | 664 » » /* we are in this state */ |
| 665 » » s->state=SSL3_ST_CR_SRVR_HELLO_A; |
| 666 |
| 667 » » /* put the 7 bytes we have read into the input buffer |
| 668 » » * for SSLv3 */ |
| 669 » » s->rstate=SSL_ST_READ_HEADER; |
| 670 » » s->packet_length=n; |
| 671 » » if (s->s3->rbuf.buf == NULL) |
| 672 » » » if (!ssl3_setup_read_buffer(s)) |
| 673 » » » » goto err; |
| 674 » » s->packet= &(s->s3->rbuf.buf[0]); |
| 675 » » memcpy(s->packet,buf,n); |
| 676 » » s->s3->rbuf.left=n; |
| 677 » » s->s3->rbuf.offset=0; |
| 678 |
| 679 » » s->handshake_func=s->method->ssl_connect; |
604 } | 680 } |
605 else | 681 else |
606 { | 682 { |
607 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNKNOWN_PROTOCOL); | 683 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNKNOWN_PROTOCOL); |
608 goto err; | 684 goto err; |
609 } | 685 } |
610 s->init_num=0; | 686 s->init_num=0; |
611 | 687 |
612 /* Since, if we are sending a ssl23 client hello, we are not | 688 /* Since, if we are sending a ssl23 client hello, we are not |
613 * reusing a session-id */ | 689 * reusing a session-id */ |
| 690 if (!s->session_creation_enabled) |
| 691 { |
| 692 if (!(s->client_version == SSL2_VERSION)) |
| 693 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE
); |
| 694 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_SESSION_MAY_NOT_BE_CRE
ATED); |
| 695 goto err; |
| 696 } |
614 if (!ssl_get_new_session(s,0)) | 697 if (!ssl_get_new_session(s,0)) |
615 goto err; | 698 goto err; |
616 | 699 |
617 return(SSL_connect(s)); | 700 return(SSL_connect(s)); |
618 err: | 701 err: |
619 return(-1); | 702 return(-1); |
620 } | 703 } |
621 | |
OLD | NEW |