| 1 /* ssl/s23_srvr.c */ | 1 /* ssl/s23_srvr.c */ |
| 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 * All rights reserved. | 3 * All rights reserved. |
| 4 * | 4 * |
| 5 * This package is an SSL implementation written | 5 * This package is an SSL implementation written |
| 6 * by Eric Young (eay@cryptsoft.com). | 6 * by Eric Young (eay@cryptsoft.com). |
| 7 * The implementation was written so as to conform with Netscapes SSL. | 7 * The implementation was written so as to conform with Netscapes SSL. |
| 8 * | 8 * |
| 9 * This library is free for commercial and non-commercial use as long as | 9 * This library is free for commercial and non-commercial use as long as |
| 10 * the following conditions are aheared to. The following conditions | 10 * the following conditions are aheared to. The following conditions |
| 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
| 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
| 51 * SUCH DAMAGE. | 51 * SUCH DAMAGE. |
| 52 * | 52 * |
| 53 * The licence and distribution terms for any publically available version or | 53 * The licence and distribution terms for any publically available version or |
| 54 * derivative of this code cannot be changed. i.e. this code cannot simply be | 54 * derivative of this code cannot be changed. i.e. this code cannot simply be |
| 55 * copied and put under another distribution licence | 55 * copied and put under another distribution licence |
| 56 * [including the GNU Public Licence.] | 56 * [including the GNU Public Licence.] |
| 57 */ | 57 */ |
| 58 /* ==================================================================== | 58 /* ==================================================================== |
| 59 * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. | 59 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. |
| 60 * | 60 * |
| 61 * Redistribution and use in source and binary forms, with or without | 61 * Redistribution and use in source and binary forms, with or without |
| 62 * modification, are permitted provided that the following conditions | 62 * modification, are permitted provided that the following conditions |
| 63 * are met: | 63 * are met: |
| 64 * | 64 * |
| 65 * 1. Redistributions of source code must retain the above copyright | 65 * 1. Redistributions of source code must retain the above copyright |
| 66 * notice, this list of conditions and the following disclaimer. | 66 * notice, this list of conditions and the following disclaimer. |
| 67 * | 67 * |
| 68 * 2. Redistributions in binary form must reproduce the above copyright | 68 * 2. Redistributions in binary form must reproduce the above copyright |
| 69 * notice, this list of conditions and the following disclaimer in | 69 * notice, this list of conditions and the following disclaimer in |
| 109 * | 109 * |
| 110 */ | 110 */ |
| 111 | 111 |
| 112 #include <stdio.h> | 112 #include <stdio.h> |
| 113 #include "ssl_locl.h" | 113 #include "ssl_locl.h" |
| 114 #include <openssl/buffer.h> | 114 #include <openssl/buffer.h> |
| 115 #include <openssl/rand.h> | 115 #include <openssl/rand.h> |
| 116 #include <openssl/objects.h> | 116 #include <openssl/objects.h> |
| 117 #include <openssl/evp.h> | 117 #include <openssl/evp.h> |
| 118 | 118 |
| 119 static SSL_METHOD *ssl23_get_server_method(int ver); | 119 static const SSL_METHOD *ssl23_get_server_method(int ver); |
| 120 int ssl23_get_client_hello(SSL *s); | 120 int ssl23_get_client_hello(SSL *s); |
| 121 static SSL_METHOD *ssl23_get_server_method(int ver) | 121 static const SSL_METHOD *ssl23_get_server_method(int ver) |
| 122 { | 122 { |
| 123 #ifndef OPENSSL_NO_SSL2 | 123 #ifndef OPENSSL_NO_SSL2 |
| 124 if (ver == SSL2_VERSION) | 124 if (ver == SSL2_VERSION) |
| 125 return(SSLv2_server_method()); | 125 return(SSLv2_server_method()); |
| 126 #endif | 126 #endif |
| 127 if (ver == SSL3_VERSION) | 127 if (ver == SSL3_VERSION) |
| 128 return(SSLv3_server_method()); | 128 return(SSLv3_server_method()); |
| 129 else if (ver == TLS1_VERSION) | 129 else if (ver == TLS1_VERSION) |
| 130 return(TLSv1_server_method()); | 130 return(TLSv1_server_method()); |
| 131 else | 131 else |
| 386 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTP_REQUEST); | 386 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTP_REQUEST); |
| 387 goto err; | 387 goto err; |
| 388 } | 388 } |
| 389 else if (strncmp("CONNECT",(char *)p,7) == 0) | 389 else if (strncmp("CONNECT",(char *)p,7) == 0) |
| 390 { | 390 { |
| 391 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTPS_PROXY_RE
QUEST); | 391 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTPS_PROXY_RE
QUEST); |
| 392 goto err; | 392 goto err; |
| 393 } | 393 } |
| 394 } | 394 } |
| 395 | 395 |
| 396 #ifdef OPENSSL_FIPS | |
| 397 if (FIPS_mode() && (s->version < TLS1_VERSION)) | |
| 398 { | |
| 399 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, | |
| 400 SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); | |
| 401 goto err; | |
| 402 } | |
| 403 #endif | |
| 404 | |
| 405 if (s->state == SSL23_ST_SR_CLNT_HELLO_B) | 396 if (s->state == SSL23_ST_SR_CLNT_HELLO_B) |
| 406 { | 397 { |
| 407 /* we have SSLv3/TLSv1 in an SSLv2 header | 398 /* we have SSLv3/TLSv1 in an SSLv2 header |
| 408 * (other cases skip this state) */ | 399 * (other cases skip this state) */ |
| 409 | 400 |
| 410 type=2; | 401 type=2; |
| 411 p=s->packet; | 402 p=s->packet; |
| 412 v[0] = p[3]; /* == SSL3_VERSION_MAJOR */ | 403 v[0] = p[3]; /* == SSL3_VERSION_MAJOR */ |
| 413 v[1] = p[4]; | 404 v[1] = p[4]; |
| 414 | 405 |
| 406 /* The SSL2 protocol allows n to be larger, just pick |
| 407 * a reasonable buffer size. */ |
| 408 #if SSL3_RT_DEFAULT_PACKET_SIZE < 1024*4 - SSL3_RT_DEFAULT_WRITE_OVERHEAD |
| 409 #error "SSL3_RT_DEFAULT_PACKET_SIZE is too small." |
| 410 #endif |
| 415 n=((p[0]&0x7f)<<8)|p[1]; | 411 n=((p[0]&0x7f)<<8)|p[1]; |
| 416 » » if (n > (1024*4)) | 412 » » if (n > SSL3_RT_DEFAULT_PACKET_SIZE - 2) |
| 417 { | 413 { |
| 418 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_LAR
GE); | 414 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_LAR
GE); |
| 419 goto err; | 415 goto err; |
| 420 } | 416 } |
| 421 | 417 |
| 422 j=ssl23_read_bytes(s,n+2); | 418 j=ssl23_read_bytes(s,n+2); |
| 423 if (j <= 0) return(j); | 419 if (j <= 0) return(j); |
| 424 | 420 |
| 425 ssl3_finish_mac(s, s->packet+2, s->packet_length-2); | 421 ssl3_finish_mac(s, s->packet+2, s->packet_length-2); |
| 426 if (s->msg_callback) | 422 if (s->msg_callback) |
| 427 s->msg_callback(0, SSL2_VERSION, 0, s->packet+2, s->pack
et_length-2, s, s->msg_callback_arg); /* CLIENT-HELLO */ | 423 s->msg_callback(0, SSL2_VERSION, 0, s->packet+2, s->pack
et_length-2, s, s->msg_callback_arg); /* CLIENT-HELLO */ |
| 428 | 424 |
| 429 p=s->packet; | 425 p=s->packet; |
| 430 p+=5; | 426 p+=5; |
| 431 n2s(p,csl); | 427 n2s(p,csl); |
| 432 n2s(p,sil); | 428 n2s(p,sil); |
| 433 n2s(p,cl); | 429 n2s(p,cl); |
| 434 d=(unsigned char *)s->init_buf->data; | 430 d=(unsigned char *)s->init_buf->data; |
| 435 » » if ((csl+sil+cl+11) != s->packet_length) | 431 » » if ((csl+sil+cl+11) != s->packet_length) /* We can't have TLS ex
tensions in SSL 2.0 format |
| 432 » » * Client Hello, can we
? Error condition should be |
| 433 » » * '>' otherweise */ |
| 436 { | 434 { |
| 437 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_LENGTH_
MISMATCH); | 435 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_LENGTH_
MISMATCH); |
| 438 goto err; | 436 goto err; |
| 439 } | 437 } |
| 440 | 438 |
| 441 /* record header: msg_type ... */ | 439 /* record header: msg_type ... */ |
| 442 *(d++) = SSL3_MT_CLIENT_HELLO; | 440 *(d++) = SSL3_MT_CLIENT_HELLO; |
| 443 /* ... and length (actual value will be written later) */ | 441 /* ... and length (actual value will be written later) */ |
| 444 d_len = d; | 442 d_len = d; |
| 445 d += 3; | 443 d += 3; |
| 468 *(d++)=p[i+1]; | 466 *(d++)=p[i+1]; |
| 469 *(d++)=p[i+2]; | 467 *(d++)=p[i+2]; |
| 470 j+=2; | 468 j+=2; |
| 471 } | 469 } |
| 472 s2n(j,dd); | 470 s2n(j,dd); |
| 473 | 471 |
| 474 /* COMPRESSION */ | 472 /* COMPRESSION */ |
| 475 *(d++)=1; | 473 *(d++)=1; |
| 476 *(d++)=0; | 474 *(d++)=0; |
| 477 | 475 |
| 476 #if 0 |
| 477 /* copy any remaining data with may be extensions */ |
| 478 p = p+csl+sil+cl; |
| 479 while (p < s->packet+s->packet_length) |
| 480 { |
| 481 *(d++)=*(p++); |
| 482 } |
| 483 #endif |
| 484 |
| 478 i = (d-(unsigned char *)s->init_buf->data) - 4; | 485 i = (d-(unsigned char *)s->init_buf->data) - 4; |
| 479 l2n3((long)i, d_len); | 486 l2n3((long)i, d_len); |
| 480 | 487 |
| 481 /* get the data reused from the init_buf */ | 488 /* get the data reused from the init_buf */ |
| 482 s->s3->tmp.reuse_message=1; | 489 s->s3->tmp.reuse_message=1; |
| 483 s->s3->tmp.message_type=SSL3_MT_CLIENT_HELLO; | 490 s->s3->tmp.message_type=SSL3_MT_CLIENT_HELLO; |
| 484 s->s3->tmp.message_size=i; | 491 s->s3->tmp.message_size=i; |
| 485 } | 492 } |
| 486 | 493 |
| 487 /* imaginary new state (for program structure): */ | 494 /* imaginary new state (for program structure): */ |
| 543 | 550 |
| 544 /* we are in this state */ | 551 /* we are in this state */ |
| 545 s->state=SSL3_ST_SR_CLNT_HELLO_A; | 552 s->state=SSL3_ST_SR_CLNT_HELLO_A; |
| 546 | 553 |
| 547 if (type == 3) | 554 if (type == 3) |
| 548 { | 555 { |
| 549 /* put the 'n' bytes we have read into the input buffer | 556 /* put the 'n' bytes we have read into the input buffer |
| 550 * for SSLv3 */ | 557 * for SSLv3 */ |
| 551 s->rstate=SSL_ST_READ_HEADER; | 558 s->rstate=SSL_ST_READ_HEADER; |
| 552 s->packet_length=n; | 559 s->packet_length=n; |
| 560 if (s->s3->rbuf.buf == NULL) |
| 561 if (!ssl3_setup_read_buffer(s)) |
| 562 goto err; |
| 563 |
| 553 s->packet= &(s->s3->rbuf.buf[0]); | 564 s->packet= &(s->s3->rbuf.buf[0]); |
| 554 memcpy(s->packet,buf,n); | 565 memcpy(s->packet,buf,n); |
| 555 s->s3->rbuf.left=n; | 566 s->s3->rbuf.left=n; |
| 556 s->s3->rbuf.offset=0; | 567 s->s3->rbuf.offset=0; |
| 557 } | 568 } |
| 558 else | 569 else |
| 559 { | 570 { |
| 560 s->packet_length=0; | 571 s->packet_length=0; |
| 561 s->s3->rbuf.left=0; | 572 s->s3->rbuf.left=0; |
| 562 s->s3->rbuf.offset=0; | 573 s->s3->rbuf.offset=0; |
| 579 goto err; | 590 goto err; |
| 580 } | 591 } |
| 581 s->init_num=0; | 592 s->init_num=0; |
| 582 | 593 |
| 583 if (buf != buf_space) OPENSSL_free(buf); | 594 if (buf != buf_space) OPENSSL_free(buf); |
| 584 return(SSL_accept(s)); | 595 return(SSL_accept(s)); |
| 585 err: | 596 err: |
| 586 if (buf != buf_space) OPENSSL_free(buf); | 597 if (buf != buf_space) OPENSSL_free(buf); |
| 587 return(-1); | 598 return(-1); |
| 588 } | 599 } |
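Review bot: Dropping the `#ifdef OPENSSL_FIPS` block (old lines 396-403) removes the only place visible in this diff where a FIPS-mode build refuses an SSLv2/SSLv3 ClientHello with SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE, so unless that gate has moved somewhere outside this hunk, FIPS builds now continue into the SSL 2.0 and SSL 3.0 handling that follows. Either keep the check at this spot or add a comment naming where the version floor is enforced now, e.g. `/* FIPS-mode TLS-only floor is enforced in <LOCATION - confirm> */`. A smaller point in the type == 3 branch (new lines 560-562): the unbraced nested `if (s->s3->rbuf.buf == NULL) if (!ssl3_setup_read_buffer(s)) goto err;` should be braced, and because `s->packet_length=n` is assigned on the line before, a failed buffer setup leaves packet_length non-zero with no backing buffer; moving the setup ahead of that assignment avoids the inconsistent state. ssl23_get_client_hello begins well before these hunks.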