OLD | NEW |
| (Empty) |
1 /* ssl/s23_srvr.c */ | |
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | |
3 * All rights reserved. | |
4 * | |
5 * This package is an SSL implementation written | |
6 * by Eric Young (eay@cryptsoft.com). | |
7 * The implementation was written so as to conform with Netscapes SSL. | |
8 * | |
9 * This library is free for commercial and non-commercial use as long as | |
10 * the following conditions are aheared to. The following conditions | |
11 * apply to all code found in this distribution, be it the RC4, RSA, | |
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation | |
13 * included with this distribution is covered by the same copyright terms | |
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). | |
15 * | |
16 * Copyright remains Eric Young's, and as such any Copyright notices in | |
17 * the code are not to be removed. | |
18 * If this package is used in a product, Eric Young should be given attribution | |
19 * as the author of the parts of the library used. | |
20 * This can be in the form of a textual message at program startup or | |
21 * in documentation (online or textual) provided with the package. | |
22 * | |
23 * Redistribution and use in source and binary forms, with or without | |
24 * modification, are permitted provided that the following conditions | |
25 * are met: | |
26 * 1. Redistributions of source code must retain the copyright | |
27 * notice, this list of conditions and the following disclaimer. | |
28 * 2. Redistributions in binary form must reproduce the above copyright | |
29 * notice, this list of conditions and the following disclaimer in the | |
30 * documentation and/or other materials provided with the distribution. | |
31 * 3. All advertising materials mentioning features or use of this software | |
32 * must display the following acknowledgement: | |
33 * "This product includes cryptographic software written by | |
34 * Eric Young (eay@cryptsoft.com)" | |
35 * The word 'cryptographic' can be left out if the rouines from the library | |
36 * being used are not cryptographic related :-). | |
37 * 4. If you include any Windows specific code (or a derivative thereof) from | |
38 * the apps directory (application code) you must include an acknowledgement: | |
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | |
40 * | |
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | |
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
51 * SUCH DAMAGE. | |
52 * | |
53 * The licence and distribution terms for any publically available version or | |
54 * derivative of this code cannot be changed. i.e. this code cannot simply be | |
55 * copied and put under another distribution licence | |
56 * [including the GNU Public Licence.] | |
57 */ | |
58 /* ==================================================================== | |
59 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. | |
60 * | |
61 * Redistribution and use in source and binary forms, with or without | |
62 * modification, are permitted provided that the following conditions | |
63 * are met: | |
64 * | |
65 * 1. Redistributions of source code must retain the above copyright | |
66 * notice, this list of conditions and the following disclaimer. | |
67 * | |
68 * 2. Redistributions in binary form must reproduce the above copyright | |
69 * notice, this list of conditions and the following disclaimer in | |
70 * the documentation and/or other materials provided with the | |
71 * distribution. | |
72 * | |
73 * 3. All advertising materials mentioning features or use of this | |
74 * software must display the following acknowledgment: | |
75 * "This product includes software developed by the OpenSSL Project | |
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | |
77 * | |
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
79 * endorse or promote products derived from this software without | |
80 * prior written permission. For written permission, please contact | |
81 * openssl-core@openssl.org. | |
82 * | |
83 * 5. Products derived from this software may not be called "OpenSSL" | |
84 * nor may "OpenSSL" appear in their names without prior written | |
85 * permission of the OpenSSL Project. | |
86 * | |
87 * 6. Redistributions of any form whatsoever must retain the following | |
88 * acknowledgment: | |
89 * "This product includes software developed by the OpenSSL Project | |
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | |
91 * | |
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
103 * OF THE POSSIBILITY OF SUCH DAMAGE. | |
104 * ==================================================================== | |
105 * | |
106 * This product includes cryptographic software written by Eric Young | |
107 * (eay@cryptsoft.com). This product includes software written by Tim | |
108 * Hudson (tjh@cryptsoft.com). | |
109 * | |
110 */ | |
111 | |
112 #include <stdio.h> | |
113 #include "ssl_locl.h" | |
114 #include <openssl/buffer.h> | |
115 #include <openssl/rand.h> | |
116 #include <openssl/objects.h> | |
117 #include <openssl/evp.h> | |
118 #ifdef OPENSSL_FIPS | |
119 #include <openssl/fips.h> | |
120 #endif | |
121 | |
122 static const SSL_METHOD *ssl23_get_server_method(int ver); | |
123 int ssl23_get_client_hello(SSL *s); | |
124 static const SSL_METHOD *ssl23_get_server_method(int ver) | |
125 { | |
126 #ifndef OPENSSL_NO_SSL2 | |
127 if (ver == SSL2_VERSION) | |
128 return(SSLv2_server_method()); | |
129 #endif | |
130 if (ver == SSL3_VERSION) | |
131 return(SSLv3_server_method()); | |
132 else if (ver == TLS1_VERSION) | |
133 return(TLSv1_server_method()); | |
134 else if (ver == TLS1_1_VERSION) | |
135 return(TLSv1_1_server_method()); | |
136 else if (ver == TLS1_2_VERSION) | |
137 return(TLSv1_2_server_method()); | |
138 else | |
139 return(NULL); | |
140 } | |
141 | |
142 IMPLEMENT_ssl23_meth_func(SSLv23_server_method, | |
143 ssl23_accept, | |
144 ssl_undefined_function, | |
145 ssl23_get_server_method) | |
146 | |
147 int ssl23_accept(SSL *s) | |
148 { | |
149 BUF_MEM *buf; | |
150 unsigned long Time=(unsigned long)time(NULL); | |
151 void (*cb)(const SSL *ssl,int type,int val)=NULL; | |
152 int ret= -1; | |
153 int new_state,state; | |
154 | |
155 RAND_add(&Time,sizeof(Time),0); | |
156 ERR_clear_error(); | |
157 clear_sys_error(); | |
158 | |
159 if (s->info_callback != NULL) | |
160 cb=s->info_callback; | |
161 else if (s->ctx->info_callback != NULL) | |
162 cb=s->ctx->info_callback; | |
163 | |
164 s->in_handshake++; | |
165 if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); | |
166 | |
167 for (;;) | |
168 { | |
169 state=s->state; | |
170 | |
171 switch(s->state) | |
172 { | |
173 case SSL_ST_BEFORE: | |
174 case SSL_ST_ACCEPT: | |
175 case SSL_ST_BEFORE|SSL_ST_ACCEPT: | |
176 case SSL_ST_OK|SSL_ST_ACCEPT: | |
177 | |
178 s->server=1; | |
179 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); | |
180 | |
181 /* s->version=SSL3_VERSION; */ | |
182 s->type=SSL_ST_ACCEPT; | |
183 | |
184 if (s->init_buf == NULL) | |
185 { | |
186 if ((buf=BUF_MEM_new()) == NULL) | |
187 { | |
188 ret= -1; | |
189 goto end; | |
190 } | |
191 if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH)) | |
192 { | |
193 ret= -1; | |
194 goto end; | |
195 } | |
196 s->init_buf=buf; | |
197 } | |
198 | |
199 ssl3_init_finished_mac(s); | |
200 | |
201 s->state=SSL23_ST_SR_CLNT_HELLO_A; | |
202 s->ctx->stats.sess_accept++; | |
203 s->init_num=0; | |
204 break; | |
205 | |
206 case SSL23_ST_SR_CLNT_HELLO_A: | |
207 case SSL23_ST_SR_CLNT_HELLO_B: | |
208 | |
209 s->shutdown=0; | |
210 ret=ssl23_get_client_hello(s); | |
211 if (ret >= 0) cb=NULL; | |
212 goto end; | |
213 /* break; */ | |
214 | |
215 default: | |
216 SSLerr(SSL_F_SSL23_ACCEPT,SSL_R_UNKNOWN_STATE); | |
217 ret= -1; | |
218 goto end; | |
219 /* break; */ | |
220 } | |
221 | |
222 if ((cb != NULL) && (s->state != state)) | |
223 { | |
224 new_state=s->state; | |
225 s->state=state; | |
226 cb(s,SSL_CB_ACCEPT_LOOP,1); | |
227 s->state=new_state; | |
228 } | |
229 } | |
230 end: | |
231 s->in_handshake--; | |
232 if (cb != NULL) | |
233 cb(s,SSL_CB_ACCEPT_EXIT,ret); | |
234 return(ret); | |
235 } | |
236 | |
237 | |
238 int ssl23_get_client_hello(SSL *s) | |
239 { | |
240 char buf_space[11]; /* Request this many bytes in initial read. | |
241 * We can detect SSL 3.0/TLS 1.0 Client Hellos | |
242 * ('type == 3') correctly only when the following | |
243 * is in a single record, which is not guaranteed by | |
244 * the protocol specification: | |
245 * Byte Content | |
246 * 0 type \ | |
247 * 1/2 version > record header | |
248 * 3/4 length / | |
249 * 5 msg_type \ | |
250 * 6-8 length > Client Hello message | |
251 * 9/10 client_version / | |
252 */ | |
253 char *buf= &(buf_space[0]); | |
254 unsigned char *p,*d,*d_len,*dd; | |
255 unsigned int i; | |
256 unsigned int csl,sil,cl; | |
257 int n=0,j; | |
258 int type=0; | |
259 int v[2]; | |
260 | |
261 if (s->state == SSL23_ST_SR_CLNT_HELLO_A) | |
262 { | |
263 /* read the initial header */ | |
264 v[0]=v[1]=0; | |
265 | |
266 if (!ssl3_setup_buffers(s)) goto err; | |
267 | |
268 n=ssl23_read_bytes(s, sizeof buf_space); | |
269 if (n != sizeof buf_space) return(n); /* n == -1 || n == 0 */ | |
270 | |
271 p=s->packet; | |
272 | |
273 memcpy(buf,p,n); | |
274 | |
275 if ((p[0] & 0x80) && (p[2] == SSL2_MT_CLIENT_HELLO)) | |
276 { | |
277 /* | |
278 * SSLv2 header | |
279 */ | |
280 if ((p[3] == 0x00) && (p[4] == 0x02)) | |
281 { | |
282 v[0]=p[3]; v[1]=p[4]; | |
283 /* SSLv2 */ | |
284 if (!(s->options & SSL_OP_NO_SSLv2)) | |
285 type=1; | |
286 } | |
287 else if (p[3] == SSL3_VERSION_MAJOR) | |
288 { | |
289 v[0]=p[3]; v[1]=p[4]; | |
290 /* SSLv3/TLSv1 */ | |
291 if (p[4] >= TLS1_VERSION_MINOR) | |
292 { | |
293 if (p[4] >= TLS1_2_VERSION_MINOR && | |
294 !(s->options & SSL_OP_NO_TLSv1_2)) | |
295 { | |
296 s->version=TLS1_2_VERSION; | |
297 s->state=SSL23_ST_SR_CLNT_HELLO_
B; | |
298 } | |
299 else if (p[4] >= TLS1_1_VERSION_MINOR && | |
300 !(s->options & SSL_OP_NO_TLSv1_1)) | |
301 { | |
302 s->version=TLS1_1_VERSION; | |
303 /* type=2; */ /* done later to s
urvive restarts */ | |
304 s->state=SSL23_ST_SR_CLNT_HELLO_
B; | |
305 } | |
306 else if (!(s->options & SSL_OP_NO_TLSv1)
) | |
307 { | |
308 s->version=TLS1_VERSION; | |
309 /* type=2; */ /* done later to s
urvive restarts */ | |
310 s->state=SSL23_ST_SR_CLNT_HELLO_
B; | |
311 } | |
312 else if (!(s->options & SSL_OP_NO_SSLv3)
) | |
313 { | |
314 s->version=SSL3_VERSION; | |
315 /* type=2; */ | |
316 s->state=SSL23_ST_SR_CLNT_HELLO_
B; | |
317 } | |
318 else if (!(s->options & SSL_OP_NO_SSLv2)
) | |
319 { | |
320 type=1; | |
321 } | |
322 } | |
323 else if (!(s->options & SSL_OP_NO_SSLv3)) | |
324 { | |
325 s->version=SSL3_VERSION; | |
326 /* type=2; */ | |
327 s->state=SSL23_ST_SR_CLNT_HELLO_B; | |
328 } | |
329 else if (!(s->options & SSL_OP_NO_SSLv2)) | |
330 type=1; | |
331 | |
332 } | |
333 } | |
334 else if ((p[0] == SSL3_RT_HANDSHAKE) && | |
335 (p[1] == SSL3_VERSION_MAJOR) && | |
336 (p[5] == SSL3_MT_CLIENT_HELLO) && | |
337 ((p[3] == 0 && p[4] < 5 /* silly record length? */) | |
338 || (p[9] >= p[1]))) | |
339 { | |
340 /* | |
341 * SSLv3 or tls1 header | |
342 */ | |
343 | |
344 v[0]=p[1]; /* major version (= SSL3_VERSION_MAJOR) */ | |
345 /* We must look at client_version inside the Client Hell
o message | |
346 * to get the correct minor version. | |
347 * However if we have only a pathologically small fragme
nt of the | |
348 * Client Hello message, this would be difficult, and we
'd have | |
349 * to read more records to find out. | |
350 * No known SSL 3.0 client fragments ClientHello like th
is, | |
351 * so we simply assume TLS 1.0 to avoid protocol version
downgrade | |
352 * attacks. */ | |
353 if (p[3] == 0 && p[4] < 6) | |
354 { | |
355 #if 0 | |
356 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD
_TOO_SMALL); | |
357 goto err; | |
358 #else | |
359 v[1] = TLS1_VERSION_MINOR; | |
360 #endif | |
361 } | |
362 /* if major version number > 3 set minor to a value | |
363 * which will use the highest version 3 we support. | |
364 * If TLS 2.0 ever appears we will need to revise | |
365 * this.... | |
366 */ | |
367 else if (p[9] > SSL3_VERSION_MAJOR) | |
368 v[1]=0xff; | |
369 else | |
370 v[1]=p[10]; /* minor version according to client
_version */ | |
371 if (v[1] >= TLS1_VERSION_MINOR) | |
372 { | |
373 if (v[1] >= TLS1_2_VERSION_MINOR && | |
374 !(s->options & SSL_OP_NO_TLSv1_2)) | |
375 { | |
376 s->version=TLS1_2_VERSION; | |
377 type=3; | |
378 } | |
379 else if (v[1] >= TLS1_1_VERSION_MINOR && | |
380 !(s->options & SSL_OP_NO_TLSv1_1)) | |
381 { | |
382 s->version=TLS1_1_VERSION; | |
383 type=3; | |
384 } | |
385 else if (!(s->options & SSL_OP_NO_TLSv1)) | |
386 { | |
387 s->version=TLS1_VERSION; | |
388 type=3; | |
389 } | |
390 else if (!(s->options & SSL_OP_NO_SSLv3)) | |
391 { | |
392 s->version=SSL3_VERSION; | |
393 type=3; | |
394 } | |
395 } | |
396 else | |
397 { | |
398 /* client requests SSL 3.0 */ | |
399 if (!(s->options & SSL_OP_NO_SSLv3)) | |
400 { | |
401 s->version=SSL3_VERSION; | |
402 type=3; | |
403 } | |
404 else if (!(s->options & SSL_OP_NO_TLSv1)) | |
405 { | |
406 /* we won't be able to use TLS of course
, | |
407 * but this will send an appropriate ale
rt */ | |
408 s->version=TLS1_VERSION; | |
409 type=3; | |
410 } | |
411 } | |
412 } | |
413 else if ((strncmp("GET ", (char *)p,4) == 0) || | |
414 (strncmp("POST ",(char *)p,5) == 0) || | |
415 (strncmp("HEAD ",(char *)p,5) == 0) || | |
416 (strncmp("PUT ", (char *)p,4) == 0)) | |
417 { | |
418 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTP_REQUEST); | |
419 goto err; | |
420 } | |
421 else if (strncmp("CONNECT",(char *)p,7) == 0) | |
422 { | |
423 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTPS_PROXY_RE
QUEST); | |
424 goto err; | |
425 } | |
426 } | |
427 | |
428 #ifdef OPENSSL_FIPS | |
429 if (FIPS_mode() && (s->version < TLS1_VERSION)) | |
430 { | |
431 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, | |
432 SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); | |
433 goto err; | |
434 } | |
435 #endif | |
436 | |
437 if (s->state == SSL23_ST_SR_CLNT_HELLO_B) | |
438 { | |
439 /* we have SSLv3/TLSv1 in an SSLv2 header | |
440 * (other cases skip this state) */ | |
441 | |
442 type=2; | |
443 p=s->packet; | |
444 v[0] = p[3]; /* == SSL3_VERSION_MAJOR */ | |
445 v[1] = p[4]; | |
446 | |
447 n=((p[0]&0x7f)<<8)|p[1]; | |
448 if (n > (1024*4)) | |
449 { | |
450 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_LAR
GE); | |
451 goto err; | |
452 } | |
453 | |
454 j=ssl23_read_bytes(s,n+2); | |
455 if (j <= 0) return(j); | |
456 | |
457 ssl3_finish_mac(s, s->packet+2, s->packet_length-2); | |
458 if (s->msg_callback) | |
459 s->msg_callback(0, SSL2_VERSION, 0, s->packet+2, s->pack
et_length-2, s, s->msg_callback_arg); /* CLIENT-HELLO */ | |
460 | |
461 p=s->packet; | |
462 p+=5; | |
463 n2s(p,csl); | |
464 n2s(p,sil); | |
465 n2s(p,cl); | |
466 d=(unsigned char *)s->init_buf->data; | |
467 if ((csl+sil+cl+11) != s->packet_length) /* We can't have TLS ex
tensions in SSL 2.0 format | |
468 * Client Hello, can we
? Error condition should be | |
469 * '>' otherweise */ | |
470 { | |
471 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_LENGTH_
MISMATCH); | |
472 goto err; | |
473 } | |
474 | |
475 /* record header: msg_type ... */ | |
476 *(d++) = SSL3_MT_CLIENT_HELLO; | |
477 /* ... and length (actual value will be written later) */ | |
478 d_len = d; | |
479 d += 3; | |
480 | |
481 /* client_version */ | |
482 *(d++) = SSL3_VERSION_MAJOR; /* == v[0] */ | |
483 *(d++) = v[1]; | |
484 | |
485 /* lets populate the random area */ | |
486 /* get the challenge_length */ | |
487 i=(cl > SSL3_RANDOM_SIZE)?SSL3_RANDOM_SIZE:cl; | |
488 memset(d,0,SSL3_RANDOM_SIZE); | |
489 memcpy(&(d[SSL3_RANDOM_SIZE-i]),&(p[csl+sil]),i); | |
490 d+=SSL3_RANDOM_SIZE; | |
491 | |
492 /* no session-id reuse */ | |
493 *(d++)=0; | |
494 | |
495 /* ciphers */ | |
496 j=0; | |
497 dd=d; | |
498 d+=2; | |
499 for (i=0; i<csl; i+=3) | |
500 { | |
501 if (p[i] != 0) continue; | |
502 *(d++)=p[i+1]; | |
503 *(d++)=p[i+2]; | |
504 j+=2; | |
505 } | |
506 s2n(j,dd); | |
507 | |
508 /* COMPRESSION */ | |
509 *(d++)=1; | |
510 *(d++)=0; | |
511 | |
512 #if 0 | |
513 /* copy any remaining data with may be extensions */ | |
514 p = p+csl+sil+cl; | |
515 while (p < s->packet+s->packet_length) | |
516 { | |
517 *(d++)=*(p++); | |
518 } | |
519 #endif | |
520 | |
521 i = (d-(unsigned char *)s->init_buf->data) - 4; | |
522 l2n3((long)i, d_len); | |
523 | |
524 /* get the data reused from the init_buf */ | |
525 s->s3->tmp.reuse_message=1; | |
526 s->s3->tmp.message_type=SSL3_MT_CLIENT_HELLO; | |
527 s->s3->tmp.message_size=i; | |
528 } | |
529 | |
530 /* imaginary new state (for program structure): */ | |
531 /* s->state = SSL23_SR_CLNT_HELLO_C */ | |
532 | |
533 if (type == 1) | |
534 { | |
535 #ifdef OPENSSL_NO_SSL2 | |
536 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL); | |
537 goto err; | |
538 #else | |
539 /* we are talking sslv2 */ | |
540 /* we need to clean up the SSLv3/TLSv1 setup and put in the | |
541 * sslv2 stuff. */ | |
542 | |
543 if (s->s2 == NULL) | |
544 { | |
545 if (!ssl2_new(s)) | |
546 goto err; | |
547 } | |
548 else | |
549 ssl2_clear(s); | |
550 | |
551 if (s->s3 != NULL) ssl3_free(s); | |
552 | |
553 if (!BUF_MEM_grow_clean(s->init_buf, | |
554 SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)) | |
555 { | |
556 goto err; | |
557 } | |
558 | |
559 s->state=SSL2_ST_GET_CLIENT_HELLO_A; | |
560 if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3
) | |
561 s->s2->ssl2_rollback=0; | |
562 else | |
563 /* reject SSL 2.0 session if client supports SSL 3.0 or
TLS 1.0 | |
564 * (SSL 3.0 draft/RFC 2246, App. E.2) */ | |
565 s->s2->ssl2_rollback=1; | |
566 | |
567 /* setup the n bytes we have read so we get them from | |
568 * the sslv2 buffer */ | |
569 s->rstate=SSL_ST_READ_HEADER; | |
570 s->packet_length=n; | |
571 s->packet= &(s->s2->rbuf[0]); | |
572 memcpy(s->packet,buf,n); | |
573 s->s2->rbuf_left=n; | |
574 s->s2->rbuf_offs=0; | |
575 | |
576 s->method=SSLv2_server_method(); | |
577 s->handshake_func=s->method->ssl_accept; | |
578 #endif | |
579 } | |
580 | |
581 if ((type == 2) || (type == 3)) | |
582 { | |
583 /* we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS sty
le) */ | |
584 | |
585 if (!ssl_init_wbio_buffer(s,1)) goto err; | |
586 | |
587 /* we are in this state */ | |
588 s->state=SSL3_ST_SR_CLNT_HELLO_A; | |
589 | |
590 if (type == 3) | |
591 { | |
592 /* put the 'n' bytes we have read into the input buffer | |
593 * for SSLv3 */ | |
594 s->rstate=SSL_ST_READ_HEADER; | |
595 s->packet_length=n; | |
596 if (s->s3->rbuf.buf == NULL) | |
597 if (!ssl3_setup_read_buffer(s)) | |
598 goto err; | |
599 | |
600 s->packet= &(s->s3->rbuf.buf[0]); | |
601 memcpy(s->packet,buf,n); | |
602 s->s3->rbuf.left=n; | |
603 s->s3->rbuf.offset=0; | |
604 } | |
605 else | |
606 { | |
607 s->packet_length=0; | |
608 s->s3->rbuf.left=0; | |
609 s->s3->rbuf.offset=0; | |
610 } | |
611 if (s->version == TLS1_2_VERSION) | |
612 s->method = TLSv1_2_server_method(); | |
613 else if (s->version == TLS1_1_VERSION) | |
614 s->method = TLSv1_1_server_method(); | |
615 else if (s->version == TLS1_VERSION) | |
616 s->method = TLSv1_server_method(); | |
617 else | |
618 s->method = SSLv3_server_method(); | |
619 #if 0 /* ssl3_get_client_hello does this */ | |
620 s->client_version=(v[0]<<8)|v[1]; | |
621 #endif | |
622 s->handshake_func=s->method->ssl_accept; | |
623 } | |
624 | |
625 if ((type < 1) || (type > 3)) | |
626 { | |
627 /* bad, very bad */ | |
628 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNKNOWN_PROTOCOL); | |
629 goto err; | |
630 } | |
631 s->init_num=0; | |
632 | |
633 if (buf != buf_space) OPENSSL_free(buf); | |
634 return(SSL_accept(s)); | |
635 err: | |
636 if (buf != buf_space) OPENSSL_free(buf); | |
637 return(-1); | |
638 } | |
OLD | NEW |