summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorguenther <>2014-04-16 15:10:07 +0000
committerguenther <>2014-04-16 15:10:07 +0000
commit07d70e2f624616050545c4fb6f6ba748c12b342e (patch)
treecd6b7bd17edfb25d9928b1c38f811f45391e4e97
parent0e08f2db38e867e26107d9826aa489a211882fb1 (diff)
downloadopenbsd-07d70e2f624616050545c4fb6f6ba748c12b342e.tar.gz
openbsd-07d70e2f624616050545c4fb6f6ba748c12b342e.tar.bz2
openbsd-07d70e2f624616050545c4fb6f6ba748c12b342e.zip
Kill the bogus "send an SSLv3/TLS hello in SSLv2 format" crap from
the SSLv23_* client code. The server continues to accept it. It also kills the bits for SSL2 SESSIONs; even when the server gets an SSLv2-style compat handshake, the session that it creates has the correct version internally. ok tedu@ beck@
Diffstat
-rw-r--r--src/lib/libssl/s23_clnt.c283
-rw-r--r--src/lib/libssl/s23_srvr.c19
-rw-r--r--src/lib/libssl/src/ssl/s23_clnt.c283
-rw-r--r--src/lib/libssl/src/ssl/s23_srvr.c19
-rw-r--r--src/lib/libssl/src/ssl/ssl_asn1.c29
-rw-r--r--src/lib/libssl/src/ssl/ssl_lib.c84
-rw-r--r--src/lib/libssl/src/ssl/ssl_locl.h39
-rw-r--r--src/lib/libssl/src/ssl/ssl_sess.c40
-rw-r--r--src/lib/libssl/src/ssl/ssl_txt.c4
-rw-r--r--src/lib/libssl/ssl_asn1.c29
-rw-r--r--src/lib/libssl/ssl_lib.c84
-rw-r--r--src/lib/libssl/ssl_locl.h39
-rw-r--r--src/lib/libssl/ssl_sess.c40
-rw-r--r--src/lib/libssl/ssl_txt.c4
14 files changed, 346 insertions, 650 deletions
diff --git a/src/lib/libssl/s23_clnt.c b/src/lib/libssl/s23_clnt.c
index 7c9de0dd0e..a7b262229f 100644
--- a/src/lib/libssl/s23_clnt.c
+++ b/src/lib/libssl/s23_clnt.c
@@ -265,8 +265,10 @@ ssl23_no_ssl2_ciphers(SSL *s)
265 return 1; 265 return 1;
266} 266}
267 267
268/* Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 268/*
269 * on failure, 1 on success. */ 269 * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0
270 * on failure, 1 on success.
271 */
270int 272int
271ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len) 273ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len)
272{ 274{
@@ -294,7 +296,6 @@ ssl23_client_hello(SSL *s)
294 unsigned char *p, *d; 296 unsigned char *p, *d;
295 int i, ch_len; 297 int i, ch_len;
296 unsigned long l; 298 unsigned long l;
297 int ssl2_compat;
298 int version = 0, version_major, version_minor; 299 int version = 0, version_major, version_minor;
299#ifndef OPENSSL_NO_COMP 300#ifndef OPENSSL_NO_COMP
300 int j; 301 int j;
@@ -303,11 +304,6 @@ ssl23_client_hello(SSL *s)
303 int ret; 304 int ret;
304 unsigned long mask, options = s->options; 305 unsigned long mask, options = s->options;
305 306
306 ssl2_compat = (options & SSL_OP_NO_SSLv2) ? 0 : 1;
307
308 if (ssl2_compat && ssl23_no_ssl2_ciphers(s))
309 ssl2_compat = 0;
310
311 /* 307 /*
312 * SSL_OP_NO_X disables all protocols above X *if* there are 308 * SSL_OP_NO_X disables all protocols above X *if* there are
313 * some protocols below X enabled. This is required in order 309 * some protocols below X enabled. This is required in order
@@ -333,21 +329,6 @@ ssl23_client_hello(SSL *s)
333 version = SSL3_VERSION; 329 version = SSL3_VERSION;
334 mask &= ~SSL_OP_NO_SSLv3; 330 mask &= ~SSL_OP_NO_SSLv3;
335 331
336#ifndef OPENSSL_NO_TLSEXT
337 if (version != SSL2_VERSION) {
338 /* have to disable SSL 2.0 compatibility if we need TLS extensions */
339
340 if (s->tlsext_hostname != NULL)
341 ssl2_compat = 0;
342 if (s->tlsext_status_type != -1)
343 ssl2_compat = 0;
344#ifdef TLSEXT_TYPE_opaque_prf_input
345 if (s->ctx->tlsext_opaque_prf_input_callback != 0 || s->tlsext_opaque_prf_input != NULL)
346 ssl2_compat = 0;
347#endif
348 }
349#endif
350
351 buf = (unsigned char *)s->init_buf->data; 332 buf = (unsigned char *)s->init_buf->data;
352 if (s->state == SSL23_ST_CW_CLNT_HELLO_A) { 333 if (s->state == SSL23_ST_CW_CLNT_HELLO_A) {
353#if 0 334#if 0
@@ -373,9 +354,6 @@ ssl23_client_hello(SSL *s)
373 } else if (version == SSL3_VERSION) { 354 } else if (version == SSL3_VERSION) {
374 version_major = SSL3_VERSION_MAJOR; 355 version_major = SSL3_VERSION_MAJOR;
375 version_minor = SSL3_VERSION_MINOR; 356 version_minor = SSL3_VERSION_MINOR;
376 } else if (version == SSL2_VERSION) {
377 version_major = SSL2_VERSION_MAJOR;
378 version_minor = SSL2_VERSION_MINOR;
379 } else { 357 } else {
380 SSLerr(SSL_F_SSL23_CLIENT_HELLO, SSL_R_NO_PROTOCOLS_AVAILABLE); 358 SSLerr(SSL_F_SSL23_CLIENT_HELLO, SSL_R_NO_PROTOCOLS_AVAILABLE);
381 return (-1); 359 return (-1);
@@ -383,161 +361,112 @@ ssl23_client_hello(SSL *s)
383 361
384 s->client_version = version; 362 s->client_version = version;
385 363
386 if (ssl2_compat) { 364 /* create Client Hello in SSL 3.0/TLS 1.0 format */
387 /* create SSL 2.0 compatible Client Hello */
388
389 /* two byte record header will be written last */
390 d = &(buf[2]);
391 p = d + 9; /* leave space for message type, version, individual length fields */
392
393 *(d++) = SSL2_MT_CLIENT_HELLO;
394 *(d++) = version_major;
395 *(d++) = version_minor;
396
397 /* Ciphers supported */
398 i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), p, 0);
399 if (i == 0) {
400 /* no ciphers */
401 SSLerr(SSL_F_SSL23_CLIENT_HELLO, SSL_R_NO_CIPHERS_AVAILABLE);
402 return -1;
403 }
404 s2n(i, d);
405 p += i;
406
407 /* put in the session-id length (zero since there is no reuse) */
408#if 0
409 s->session->session_id_length = 0;
410#endif
411 s2n(0, d);
412
413 if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG)
414 ch_len = SSL2_CHALLENGE_LENGTH;
415 else
416 ch_len = SSL2_MAX_CHALLENGE_LENGTH;
417
418 /* write out sslv2 challenge */
419 /* Note that ch_len must be <= SSL3_RANDOM_SIZE (32),
420 because it is one of SSL2_MAX_CHALLENGE_LENGTH (32)
421 or SSL2_MAX_CHALLENGE_LENGTH (16), but leave the
422 check in for futurproofing */
423 if (SSL3_RANDOM_SIZE < ch_len)
424 i = SSL3_RANDOM_SIZE;
425 else
426 i = ch_len;
427 s2n(i, d);
428 memset(&(s->s3->client_random[0]), 0, SSL3_RANDOM_SIZE);
429 if (RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE - i]), i) <= 0)
430 return -1;
431
432 memcpy(p, &(s->s3->client_random[SSL3_RANDOM_SIZE - i]), i);
433 p += i;
434
435 i = p- &(buf[2]);
436 buf[0] = ((i >> 8)&0xff)|0x80;
437 buf[1] = (i&0xff);
438
439 /* number of bytes to write */
440 s->init_num = i + 2;
441 s->init_off = 0;
442
443 ssl3_finish_mac(s, &(buf[2]), i);
444 } else {
445 /* create Client Hello in SSL 3.0/TLS 1.0 format */
446 365
447 /* do the record header (5 bytes) and handshake message header (4 bytes) last */ 366 /*
448 d = p = &(buf[9]); 367 * Do the record header (5 bytes) and handshake
368 * message header (4 bytes) last
369 */
370 d = p = &(buf[9]);
449 371
450 *(p++) = version_major; 372 *(p++) = version_major;
451 *(p++) = version_minor; 373 *(p++) = version_minor;
452 374
453 /* Random stuff */ 375 /* Random stuff */
454 memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE); 376 memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
455 p += SSL3_RANDOM_SIZE; 377 p += SSL3_RANDOM_SIZE;
456 378
457 /* Session ID (zero since there is no reuse) */ 379 /* Session ID (zero since there is no reuse) */
458 *(p++) = 0; 380 *(p++) = 0;
459 381
460 /* Ciphers supported (using SSL 3.0/TLS 1.0 format) */ 382 /* Ciphers supported (using SSL 3.0/TLS 1.0 format) */
461 i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]), ssl3_put_cipher_by_char); 383 i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]),
462 if (i == 0) { 384 ssl3_put_cipher_by_char);
463 SSLerr(SSL_F_SSL23_CLIENT_HELLO, SSL_R_NO_CIPHERS_AVAILABLE); 385 if (i == 0) {
464 return -1; 386 SSLerr(SSL_F_SSL23_CLIENT_HELLO,
465 } 387 SSL_R_NO_CIPHERS_AVAILABLE);
388 return -1;
389 }
466#ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH 390#ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH
467 /* Some servers hang if client hello > 256 bytes 391 /*
468 * as hack workaround chop number of supported ciphers 392 * Some servers hang if client hello > 256 bytes
469 * to keep it well below this if we use TLS v1.2 393 * as hack workaround chop number of supported ciphers
470 */ 394 * to keep it well below this if we use TLS v1.2
471 if (TLS1_get_version(s) >= TLS1_2_VERSION && 395 */
472 i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH) 396 if (TLS1_get_version(s) >= TLS1_2_VERSION &&
473 i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1; 397 i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH)
398 i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1;
474#endif 399#endif
475 s2n(i, p); 400 s2n(i, p);
476 p += i; 401 p += i;
477 402
478 /* COMPRESSION */ 403 /* COMPRESSION */
479#ifdef OPENSSL_NO_COMP 404#ifdef OPENSSL_NO_COMP
480 *(p++) = 1; 405 *(p++) = 1;
481#else 406#else
482 if ((s->options & SSL_OP_NO_COMPRESSION) || 407 if ((s->options & SSL_OP_NO_COMPRESSION) ||
483 !s->ctx->comp_methods) 408 !s->ctx->comp_methods)
484 j = 0; 409 j = 0;
485 else 410 else
486 j = sk_SSL_COMP_num(s->ctx->comp_methods); 411 j = sk_SSL_COMP_num(s->ctx->comp_methods);
487 *(p++) = 1 + j; 412 *(p++) = 1 + j;
488 for (i = 0; i < j; i++) { 413 for (i = 0; i < j; i++) {
489 comp = sk_SSL_COMP_value(s->ctx->comp_methods, i); 414 comp = sk_SSL_COMP_value(s->ctx->comp_methods, i);
490 *(p++) = comp->id; 415 *(p++) = comp->id;
491 } 416 }
492#endif 417#endif
493 *(p++)=0; /* Add the NULL method */ 418 /* Add the NULL method */
419 *(p++) = 0;
494 420
495#ifndef OPENSSL_NO_TLSEXT 421#ifndef OPENSSL_NO_TLSEXT
496 /* TLS extensions*/ 422 /* TLS extensions*/
497 if (ssl_prepare_clienthello_tlsext(s) <= 0) { 423 if (ssl_prepare_clienthello_tlsext(s) <= 0) {
498 SSLerr(SSL_F_SSL23_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT); 424 SSLerr(SSL_F_SSL23_CLIENT_HELLO,
499 return -1; 425 SSL_R_CLIENTHELLO_TLSEXT);
500 } 426 return -1;
501 if ((p = ssl_add_clienthello_tlsext(s, p, buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) { 427 }
502 SSLerr(SSL_F_SSL23_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); 428 if ((p = ssl_add_clienthello_tlsext(s, p,
503 return -1; 429 buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) {
504 } 430 SSLerr(SSL_F_SSL23_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
431 return -1;
432 }
505#endif 433#endif
506 434
507 l = p - d; 435 l = p - d;
508
509 /* fill in 4-byte handshake header */
510 d = &(buf[5]);
511 *(d++) = SSL3_MT_CLIENT_HELLO;
512 l2n3(l, d);
513 436
514 l += 4; 437 /* fill in 4-byte handshake header */
438 d = &(buf[5]);
439 *(d++) = SSL3_MT_CLIENT_HELLO;
440 l2n3(l, d);
515 441
516 if (l > SSL3_RT_MAX_PLAIN_LENGTH) { 442 l += 4;
517 SSLerr(SSL_F_SSL23_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
518 return -1;
519 }
520 443
521 /* fill in 5-byte record header */ 444 if (l > SSL3_RT_MAX_PLAIN_LENGTH) {
522 d = buf; 445 SSLerr(SSL_F_SSL23_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
523 *(d++) = SSL3_RT_HANDSHAKE; 446 return -1;
524 *(d++) = version_major;
525 /* Some servers hang if we use long client hellos
526 * and a record number > TLS 1.0.
527 */
528 if (TLS1_get_client_version(s) > TLS1_VERSION)
529 *(d++) = 1;
530 else
531 *(d++) = version_minor;
532 s2n((int)l, d);
533
534 /* number of bytes to write */
535 s->init_num = p - buf;
536 s->init_off = 0;
537
538 ssl3_finish_mac(s, &(buf[5]), s->init_num - 5);
539 } 447 }
540 448
449 /* fill in 5-byte record header */
450 d = buf;
451 *(d++) = SSL3_RT_HANDSHAKE;
452 *(d++) = version_major;
453
454 /*
455 * Some servers hang if we use long client hellos
456 * and a record number > TLS 1.0.
457 */
458 if (TLS1_get_client_version(s) > TLS1_VERSION)
459 *(d++) = 1;
460 else
461 *(d++) = version_minor;
462 s2n((int)l, d);
463
464 /* number of bytes to write */
465 s->init_num = p - buf;
466 s->init_off = 0;
467
468 ssl3_finish_mac(s, &(buf[5]), s->init_num - 5);
469
541 s->state = SSL23_ST_CW_CLNT_HELLO_B; 470 s->state = SSL23_ST_CW_CLNT_HELLO_B;
542 s->init_off = 0; 471 s->init_off = 0;
543 } 472 }
@@ -548,10 +477,8 @@ ssl23_client_hello(SSL *s)
548 if ((ret >= 2) && s->msg_callback) { 477 if ((ret >= 2) && s->msg_callback) {
549 /* Client Hello has been sent; tell msg_callback */ 478 /* Client Hello has been sent; tell msg_callback */
550 479
551 if (ssl2_compat) 480 s->msg_callback(1, version, SSL3_RT_HANDSHAKE,
552 s->msg_callback(1, SSL2_VERSION, 0, s->init_buf->data + 2, ret - 2, s, s->msg_callback_arg); 481 s->init_buf->data + 5, ret - 5, s, s->msg_callback_arg);
553 else
554 s->msg_callback(1, version, SSL3_RT_HANDSHAKE, s->init_buf->data + 5, ret - 5, s, s->msg_callback_arg);
555 } 482 }
556 483
557 return ret; 484 return ret;
@@ -573,11 +500,15 @@ ssl23_get_server_hello(SSL *s)
573 500
574 memcpy(buf, p, n); 501 memcpy(buf, p, n);
575 502
503 /* Old unsupported sslv2 handshake */
576 if ((p[0] & 0x80) && (p[2] == SSL2_MT_SERVER_HELLO) && 504 if ((p[0] & 0x80) && (p[2] == SSL2_MT_SERVER_HELLO) &&
577 (p[5] == 0x00) && (p[6] == 0x02)) { 505 (p[5] == 0x00) && (p[6] == 0x02)) {
578 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_R_UNSUPPORTED_PROTOCOL); 506 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,
507 SSL_R_UNSUPPORTED_PROTOCOL);
579 goto err; 508 goto err;
580 } else if (p[1] == SSL3_VERSION_MAJOR && 509 }
510
511 if (p[1] == SSL3_VERSION_MAJOR &&
581 p[2] <= TLS1_2_VERSION_MINOR && 512 p[2] <= TLS1_2_VERSION_MINOR &&
582 ((p[0] == SSL3_RT_HANDSHAKE && p[5] == SSL3_MT_SERVER_HELLO) || 513 ((p[0] == SSL3_RT_HANDSHAKE && p[5] == SSL3_MT_SERVER_HELLO) ||
583 (p[0] == SSL3_RT_ALERT && p[3] == 0 && p[4] == 2))) { 514 (p[0] == SSL3_RT_ALERT && p[3] == 0 && p[4] == 2))) {
@@ -600,13 +531,13 @@ ssl23_get_server_hello(SSL *s)
600 s->version = TLS1_2_VERSION; 531 s->version = TLS1_2_VERSION;
601 s->method = TLSv1_2_client_method(); 532 s->method = TLSv1_2_client_method();
602 } else { 533 } else {
603 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_R_UNSUPPORTED_PROTOCOL); 534 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,
535 SSL_R_UNSUPPORTED_PROTOCOL);
604 goto err; 536 goto err;
605 } 537 }
606 538
607 if (p[0] == SSL3_RT_ALERT && p[5] != SSL3_AL_WARNING) { 539 if (p[0] == SSL3_RT_ALERT && p[5] != SSL3_AL_WARNING) {
608 /* fatal alert */ 540 /* fatal alert */
609
610 void (*cb)(const SSL *ssl, int type, int val) = NULL; 541 void (*cb)(const SSL *ssl, int type, int val) = NULL;
611 int j; 542 int j;
612 543
@@ -622,10 +553,12 @@ ssl23_get_server_hello(SSL *s)
622 } 553 }
623 554
624 if (s->msg_callback) 555 if (s->msg_callback)
625 s->msg_callback(0, s->version, SSL3_RT_ALERT, p + 5, 2, s, s->msg_callback_arg); 556 s->msg_callback(0, s->version, SSL3_RT_ALERT,
557 p + 5, 2, s, s->msg_callback_arg);
626 558
627 s->rwstate = SSL_NOTHING; 559 s->rwstate = SSL_NOTHING;
628 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_AD_REASON_OFFSET + p[6]); 560 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,
561 SSL_AD_REASON_OFFSET + p[6]);
629 goto err; 562 goto err;
630 } 563 }
631 564
@@ -654,8 +587,10 @@ ssl23_get_server_hello(SSL *s)
654 } 587 }
655 s->init_num = 0; 588 s->init_num = 0;
656 589
657 /* Since, if we are sending a ssl23 client hello, we are not 590 /*
658 * reusing a session-id */ 591 * Since, if we are sending a ssl23 client hello, we are not
592 * reusing a session-id
593 */
659 if (!ssl_get_new_session(s, 0)) 594 if (!ssl_get_new_session(s, 0))
660 goto err; 595 goto err;
661 596
diff --git a/src/lib/libssl/s23_srvr.c b/src/lib/libssl/s23_srvr.c
index a6062667a0..35651183b7 100644
--- a/src/lib/libssl/s23_srvr.c
+++ b/src/lib/libssl/s23_srvr.c
@@ -118,8 +118,8 @@
118 118
119static const SSL_METHOD *ssl23_get_server_method(int ver); 119static const SSL_METHOD *ssl23_get_server_method(int ver);
120int ssl23_get_client_hello(SSL *s); 120int ssl23_get_client_hello(SSL *s);
121static const SSL_METHOD 121static const SSL_METHOD *
122*ssl23_get_server_method(int ver) 122ssl23_get_server_method(int ver)
123{ 123{
124 if (ver == SSL3_VERSION) 124 if (ver == SSL3_VERSION)
125 return (SSLv3_server_method()); 125 return (SSLv3_server_method());
@@ -402,7 +402,8 @@ ssl23_get_client_hello(SSL *s)
402 402
403 ssl3_finish_mac(s, s->packet + 2, s->packet_length - 2); 403 ssl3_finish_mac(s, s->packet + 2, s->packet_length - 2);
404 if (s->msg_callback) 404 if (s->msg_callback)
405 s->msg_callback(0, SSL2_VERSION, 0, s->packet + 2, s->packet_length-2, s, s->msg_callback_arg); /* CLIENT-HELLO */ 405 s->msg_callback(0, SSL2_VERSION, 0, s->packet + 2,
406 s->packet_length-2, s, s->msg_callback_arg);
406 407
407 p = s->packet; 408 p = s->packet;
408 p += 5; 409 p += 5;
@@ -410,11 +411,15 @@ ssl23_get_client_hello(SSL *s)
410 n2s(p, sil); 411 n2s(p, sil);
411 n2s(p, cl); 412 n2s(p, cl);
412 d = (unsigned char *)s->init_buf->data; 413 d = (unsigned char *)s->init_buf->data;
413 if ((csl + sil + cl + 11) != s->packet_length) /* We can't have TLS extensions in SSL 2.0 format 414 if ((csl + sil + cl + 11) != s->packet_length)
414 * Client Hello, can we ? Error condition should be
415 * '>' otherweise */
416 { 415 {
417 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_RECORD_LENGTH_MISMATCH); 416 /*
417 * We can't have TLS extensions in SSL 2.0 format
418 * Client Hello, can we ? Error condition should be
419 * '>' otherwise
420 */
421 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,
422 SSL_R_RECORD_LENGTH_MISMATCH);
418 goto err; 423 goto err;
419 } 424 }
420 425
diff --git a/src/lib/libssl/src/ssl/s23_clnt.c b/src/lib/libssl/src/ssl/s23_clnt.c
index 7c9de0dd0e..a7b262229f 100644
--- a/src/lib/libssl/src/ssl/s23_clnt.c
+++ b/src/lib/libssl/src/ssl/s23_clnt.c
@@ -265,8 +265,10 @@ ssl23_no_ssl2_ciphers(SSL *s)
265 return 1; 265 return 1;
266} 266}
267 267
268/* Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 268/*
269 * on failure, 1 on success. */ 269 * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0
270 * on failure, 1 on success.
271 */
270int 272int
271ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len) 273ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len)
272{ 274{
@@ -294,7 +296,6 @@ ssl23_client_hello(SSL *s)
294 unsigned char *p, *d; 296 unsigned char *p, *d;
295 int i, ch_len; 297 int i, ch_len;
296 unsigned long l; 298 unsigned long l;
297 int ssl2_compat;
298 int version = 0, version_major, version_minor; 299 int version = 0, version_major, version_minor;
299#ifndef OPENSSL_NO_COMP 300#ifndef OPENSSL_NO_COMP
300 int j; 301 int j;
@@ -303,11 +304,6 @@ ssl23_client_hello(SSL *s)
303 int ret; 304 int ret;
304 unsigned long mask, options = s->options; 305 unsigned long mask, options = s->options;
305 306
306 ssl2_compat = (options & SSL_OP_NO_SSLv2) ? 0 : 1;
307
308 if (ssl2_compat && ssl23_no_ssl2_ciphers(s))
309 ssl2_compat = 0;
310
311 /* 307 /*
312 * SSL_OP_NO_X disables all protocols above X *if* there are 308 * SSL_OP_NO_X disables all protocols above X *if* there are
313 * some protocols below X enabled. This is required in order 309 * some protocols below X enabled. This is required in order
@@ -333,21 +329,6 @@ ssl23_client_hello(SSL *s)
333 version = SSL3_VERSION; 329 version = SSL3_VERSION;
334 mask &= ~SSL_OP_NO_SSLv3; 330 mask &= ~SSL_OP_NO_SSLv3;
335 331
336#ifndef OPENSSL_NO_TLSEXT
337 if (version != SSL2_VERSION) {
338 /* have to disable SSL 2.0 compatibility if we need TLS extensions */
339
340 if (s->tlsext_hostname != NULL)
341 ssl2_compat = 0;
342 if (s->tlsext_status_type != -1)
343 ssl2_compat = 0;
344#ifdef TLSEXT_TYPE_opaque_prf_input
345 if (s->ctx->tlsext_opaque_prf_input_callback != 0 || s->tlsext_opaque_prf_input != NULL)
346 ssl2_compat = 0;
347#endif
348 }
349#endif
350
351 buf = (unsigned char *)s->init_buf->data; 332 buf = (unsigned char *)s->init_buf->data;
352 if (s->state == SSL23_ST_CW_CLNT_HELLO_A) { 333 if (s->state == SSL23_ST_CW_CLNT_HELLO_A) {
353#if 0 334#if 0
@@ -373,9 +354,6 @@ ssl23_client_hello(SSL *s)
373 } else if (version == SSL3_VERSION) { 354 } else if (version == SSL3_VERSION) {
374 version_major = SSL3_VERSION_MAJOR; 355 version_major = SSL3_VERSION_MAJOR;
375 version_minor = SSL3_VERSION_MINOR; 356 version_minor = SSL3_VERSION_MINOR;
376 } else if (version == SSL2_VERSION) {
377 version_major = SSL2_VERSION_MAJOR;
378 version_minor = SSL2_VERSION_MINOR;
379 } else { 357 } else {
380 SSLerr(SSL_F_SSL23_CLIENT_HELLO, SSL_R_NO_PROTOCOLS_AVAILABLE); 358 SSLerr(SSL_F_SSL23_CLIENT_HELLO, SSL_R_NO_PROTOCOLS_AVAILABLE);
381 return (-1); 359 return (-1);
@@ -383,161 +361,112 @@ ssl23_client_hello(SSL *s)
383 361
384 s->client_version = version; 362 s->client_version = version;
385 363
386 if (ssl2_compat) { 364 /* create Client Hello in SSL 3.0/TLS 1.0 format */
387 /* create SSL 2.0 compatible Client Hello */
388
389 /* two byte record header will be written last */
390 d = &(buf[2]);
391 p = d + 9; /* leave space for message type, version, individual length fields */
392
393 *(d++) = SSL2_MT_CLIENT_HELLO;
394 *(d++) = version_major;
395 *(d++) = version_minor;
396
397 /* Ciphers supported */
398 i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), p, 0);
399 if (i == 0) {
400 /* no ciphers */
401 SSLerr(SSL_F_SSL23_CLIENT_HELLO, SSL_R_NO_CIPHERS_AVAILABLE);
402 return -1;
403 }
404 s2n(i, d);
405 p += i;
406
407 /* put in the session-id length (zero since there is no reuse) */
408#if 0
409 s->session->session_id_length = 0;
410#endif
411 s2n(0, d);
412
413 if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG)
414 ch_len = SSL2_CHALLENGE_LENGTH;
415 else
416 ch_len = SSL2_MAX_CHALLENGE_LENGTH;
417
418 /* write out sslv2 challenge */
419 /* Note that ch_len must be <= SSL3_RANDOM_SIZE (32),
420 because it is one of SSL2_MAX_CHALLENGE_LENGTH (32)
421 or SSL2_MAX_CHALLENGE_LENGTH (16), but leave the
422 check in for futurproofing */
423 if (SSL3_RANDOM_SIZE < ch_len)
424 i = SSL3_RANDOM_SIZE;
425 else
426 i = ch_len;
427 s2n(i, d);
428 memset(&(s->s3->client_random[0]), 0, SSL3_RANDOM_SIZE);
429 if (RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE - i]), i) <= 0)
430 return -1;
431
432 memcpy(p, &(s->s3->client_random[SSL3_RANDOM_SIZE - i]), i);
433 p += i;
434
435 i = p- &(buf[2]);
436 buf[0] = ((i >> 8)&0xff)|0x80;
437 buf[1] = (i&0xff);
438
439 /* number of bytes to write */
440 s->init_num = i + 2;
441 s->init_off = 0;
442
443 ssl3_finish_mac(s, &(buf[2]), i);
444 } else {
445 /* create Client Hello in SSL 3.0/TLS 1.0 format */
446 365
447 /* do the record header (5 bytes) and handshake message header (4 bytes) last */ 366 /*
448 d = p = &(buf[9]); 367 * Do the record header (5 bytes) and handshake
368 * message header (4 bytes) last
369 */
370 d = p = &(buf[9]);
449 371
450 *(p++) = version_major; 372 *(p++) = version_major;
451 *(p++) = version_minor; 373 *(p++) = version_minor;
452 374
453 /* Random stuff */ 375 /* Random stuff */
454 memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE); 376 memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
455 p += SSL3_RANDOM_SIZE; 377 p += SSL3_RANDOM_SIZE;
456 378
457 /* Session ID (zero since there is no reuse) */ 379 /* Session ID (zero since there is no reuse) */
458 *(p++) = 0; 380 *(p++) = 0;
459 381
460 /* Ciphers supported (using SSL 3.0/TLS 1.0 format) */ 382 /* Ciphers supported (using SSL 3.0/TLS 1.0 format) */
461 i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]), ssl3_put_cipher_by_char); 383 i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]),
462 if (i == 0) { 384 ssl3_put_cipher_by_char);
463 SSLerr(SSL_F_SSL23_CLIENT_HELLO, SSL_R_NO_CIPHERS_AVAILABLE); 385 if (i == 0) {
464 return -1; 386 SSLerr(SSL_F_SSL23_CLIENT_HELLO,
465 } 387 SSL_R_NO_CIPHERS_AVAILABLE);
388 return -1;
389 }
466#ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH 390#ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH
467 /* Some servers hang if client hello > 256 bytes 391 /*
468 * as hack workaround chop number of supported ciphers 392 * Some servers hang if client hello > 256 bytes
469 * to keep it well below this if we use TLS v1.2 393 * as hack workaround chop number of supported ciphers
470 */ 394 * to keep it well below this if we use TLS v1.2
471 if (TLS1_get_version(s) >= TLS1_2_VERSION && 395 */
472 i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH) 396 if (TLS1_get_version(s) >= TLS1_2_VERSION &&
473 i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1; 397 i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH)
398 i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1;
474#endif 399#endif
475 s2n(i, p); 400 s2n(i, p);
476 p += i; 401 p += i;
477 402
478 /* COMPRESSION */ 403 /* COMPRESSION */
479#ifdef OPENSSL_NO_COMP 404#ifdef OPENSSL_NO_COMP
480 *(p++) = 1; 405 *(p++) = 1;
481#else 406#else
482 if ((s->options & SSL_OP_NO_COMPRESSION) || 407 if ((s->options & SSL_OP_NO_COMPRESSION) ||
483 !s->ctx->comp_methods) 408 !s->ctx->comp_methods)
484 j = 0; 409 j = 0;
485 else 410 else
486 j = sk_SSL_COMP_num(s->ctx->comp_methods); 411 j = sk_SSL_COMP_num(s->ctx->comp_methods);
487 *(p++) = 1 + j; 412 *(p++) = 1 + j;
488 for (i = 0; i < j; i++) { 413 for (i = 0; i < j; i++) {
489 comp = sk_SSL_COMP_value(s->ctx->comp_methods, i); 414 comp = sk_SSL_COMP_value(s->ctx->comp_methods, i);
490 *(p++) = comp->id; 415 *(p++) = comp->id;
491 } 416 }
492#endif 417#endif
493 *(p++)=0; /* Add the NULL method */ 418 /* Add the NULL method */
419 *(p++) = 0;
494 420
495#ifndef OPENSSL_NO_TLSEXT 421#ifndef OPENSSL_NO_TLSEXT
496 /* TLS extensions*/ 422 /* TLS extensions*/
497 if (ssl_prepare_clienthello_tlsext(s) <= 0) { 423 if (ssl_prepare_clienthello_tlsext(s) <= 0) {
498 SSLerr(SSL_F_SSL23_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT); 424 SSLerr(SSL_F_SSL23_CLIENT_HELLO,
499 return -1; 425 SSL_R_CLIENTHELLO_TLSEXT);
500 } 426 return -1;
501 if ((p = ssl_add_clienthello_tlsext(s, p, buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) { 427 }
502 SSLerr(SSL_F_SSL23_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); 428 if ((p = ssl_add_clienthello_tlsext(s, p,
503 return -1; 429 buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) {
504 } 430 SSLerr(SSL_F_SSL23_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
431 return -1;
432 }
505#endif 433#endif
506 434
507 l = p - d; 435 l = p - d;
508
509 /* fill in 4-byte handshake header */
510 d = &(buf[5]);
511 *(d++) = SSL3_MT_CLIENT_HELLO;
512 l2n3(l, d);
513 436
514 l += 4; 437 /* fill in 4-byte handshake header */
438 d = &(buf[5]);
439 *(d++) = SSL3_MT_CLIENT_HELLO;
440 l2n3(l, d);
515 441
516 if (l > SSL3_RT_MAX_PLAIN_LENGTH) { 442 l += 4;
517 SSLerr(SSL_F_SSL23_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
518 return -1;
519 }
520 443
521 /* fill in 5-byte record header */ 444 if (l > SSL3_RT_MAX_PLAIN_LENGTH) {
522 d = buf; 445 SSLerr(SSL_F_SSL23_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
523 *(d++) = SSL3_RT_HANDSHAKE; 446 return -1;
524 *(d++) = version_major;
525 /* Some servers hang if we use long client hellos
526 * and a record number > TLS 1.0.
527 */
528 if (TLS1_get_client_version(s) > TLS1_VERSION)
529 *(d++) = 1;
530 else
531 *(d++) = version_minor;
532 s2n((int)l, d);
533
534 /* number of bytes to write */
535 s->init_num = p - buf;
536 s->init_off = 0;
537
538 ssl3_finish_mac(s, &(buf[5]), s->init_num - 5);
539 } 447 }
540 448
449 /* fill in 5-byte record header */
450 d = buf;
451 *(d++) = SSL3_RT_HANDSHAKE;
452 *(d++) = version_major;
453
454 /*
455 * Some servers hang if we use long client hellos
456 * and a record number > TLS 1.0.
457 */
458 if (TLS1_get_client_version(s) > TLS1_VERSION)
459 *(d++) = 1;
460 else
461 *(d++) = version_minor;
462 s2n((int)l, d);
463
464 /* number of bytes to write */
465 s->init_num = p - buf;
466 s->init_off = 0;
467
468 ssl3_finish_mac(s, &(buf[5]), s->init_num - 5);
469
541 s->state = SSL23_ST_CW_CLNT_HELLO_B; 470 s->state = SSL23_ST_CW_CLNT_HELLO_B;
542 s->init_off = 0; 471 s->init_off = 0;
543 } 472 }
@@ -548,10 +477,8 @@ ssl23_client_hello(SSL *s)
548 if ((ret >= 2) && s->msg_callback) { 477 if ((ret >= 2) && s->msg_callback) {
549 /* Client Hello has been sent; tell msg_callback */ 478 /* Client Hello has been sent; tell msg_callback */
550 479
551 if (ssl2_compat) 480 s->msg_callback(1, version, SSL3_RT_HANDSHAKE,
552 s->msg_callback(1, SSL2_VERSION, 0, s->init_buf->data + 2, ret - 2, s, s->msg_callback_arg); 481 s->init_buf->data + 5, ret - 5, s, s->msg_callback_arg);
553 else
554 s->msg_callback(1, version, SSL3_RT_HANDSHAKE, s->init_buf->data + 5, ret - 5, s, s->msg_callback_arg);
555 } 482 }
556 483
557 return ret; 484 return ret;
@@ -573,11 +500,15 @@ ssl23_get_server_hello(SSL *s)
573 500
574 memcpy(buf, p, n); 501 memcpy(buf, p, n);
575 502
503 /* Old unsupported sslv2 handshake */
576 if ((p[0] & 0x80) && (p[2] == SSL2_MT_SERVER_HELLO) && 504 if ((p[0] & 0x80) && (p[2] == SSL2_MT_SERVER_HELLO) &&
577 (p[5] == 0x00) && (p[6] == 0x02)) { 505 (p[5] == 0x00) && (p[6] == 0x02)) {
578 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_R_UNSUPPORTED_PROTOCOL); 506 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,
507 SSL_R_UNSUPPORTED_PROTOCOL);
579 goto err; 508 goto err;
580 } else if (p[1] == SSL3_VERSION_MAJOR && 509 }
510
511 if (p[1] == SSL3_VERSION_MAJOR &&
581 p[2] <= TLS1_2_VERSION_MINOR && 512 p[2] <= TLS1_2_VERSION_MINOR &&
582 ((p[0] == SSL3_RT_HANDSHAKE && p[5] == SSL3_MT_SERVER_HELLO) || 513 ((p[0] == SSL3_RT_HANDSHAKE && p[5] == SSL3_MT_SERVER_HELLO) ||
583 (p[0] == SSL3_RT_ALERT && p[3] == 0 && p[4] == 2))) { 514 (p[0] == SSL3_RT_ALERT && p[3] == 0 && p[4] == 2))) {
@@ -600,13 +531,13 @@ ssl23_get_server_hello(SSL *s)
600 s->version = TLS1_2_VERSION; 531 s->version = TLS1_2_VERSION;
601 s->method = TLSv1_2_client_method(); 532 s->method = TLSv1_2_client_method();
602 } else { 533 } else {
603 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_R_UNSUPPORTED_PROTOCOL); 534 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,
535 SSL_R_UNSUPPORTED_PROTOCOL);
604 goto err; 536 goto err;
605 } 537 }
606 538
607 if (p[0] == SSL3_RT_ALERT && p[5] != SSL3_AL_WARNING) { 539 if (p[0] == SSL3_RT_ALERT && p[5] != SSL3_AL_WARNING) {
608 /* fatal alert */ 540 /* fatal alert */
609
610 void (*cb)(const SSL *ssl, int type, int val) = NULL; 541 void (*cb)(const SSL *ssl, int type, int val) = NULL;
611 int j; 542 int j;
612 543
@@ -622,10 +553,12 @@ ssl23_get_server_hello(SSL *s)
622 } 553 }
623 554
624 if (s->msg_callback) 555 if (s->msg_callback)
625 s->msg_callback(0, s->version, SSL3_RT_ALERT, p + 5, 2, s, s->msg_callback_arg); 556 s->msg_callback(0, s->version, SSL3_RT_ALERT,
557 p + 5, 2, s, s->msg_callback_arg);
626 558
627 s->rwstate = SSL_NOTHING; 559 s->rwstate = SSL_NOTHING;
628 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_AD_REASON_OFFSET + p[6]); 560 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,
561 SSL_AD_REASON_OFFSET + p[6]);
629 goto err; 562 goto err;
630 } 563 }
631 564
@@ -654,8 +587,10 @@ ssl23_get_server_hello(SSL *s)
654 } 587 }
655 s->init_num = 0; 588 s->init_num = 0;
656 589
657 /* Since, if we are sending a ssl23 client hello, we are not 590 /*
658 * reusing a session-id */ 591 * Since, if we are sending a ssl23 client hello, we are not
592 * reusing a session-id
593 */
659 if (!ssl_get_new_session(s, 0)) 594 if (!ssl_get_new_session(s, 0))
660 goto err; 595 goto err;
661 596
diff --git a/src/lib/libssl/src/ssl/s23_srvr.c b/src/lib/libssl/src/ssl/s23_srvr.c
index a6062667a0..35651183b7 100644
--- a/src/lib/libssl/src/ssl/s23_srvr.c
+++ b/src/lib/libssl/src/ssl/s23_srvr.c
@@ -118,8 +118,8 @@
118 118
119static const SSL_METHOD *ssl23_get_server_method(int ver); 119static const SSL_METHOD *ssl23_get_server_method(int ver);
120int ssl23_get_client_hello(SSL *s); 120int ssl23_get_client_hello(SSL *s);
121static const SSL_METHOD 121static const SSL_METHOD *
122*ssl23_get_server_method(int ver) 122ssl23_get_server_method(int ver)
123{ 123{
124 if (ver == SSL3_VERSION) 124 if (ver == SSL3_VERSION)
125 return (SSLv3_server_method()); 125 return (SSLv3_server_method());
@@ -402,7 +402,8 @@ ssl23_get_client_hello(SSL *s)
402 402
403 ssl3_finish_mac(s, s->packet + 2, s->packet_length - 2); 403 ssl3_finish_mac(s, s->packet + 2, s->packet_length - 2);
404 if (s->msg_callback) 404 if (s->msg_callback)
405 s->msg_callback(0, SSL2_VERSION, 0, s->packet + 2, s->packet_length-2, s, s->msg_callback_arg); /* CLIENT-HELLO */ 405 s->msg_callback(0, SSL2_VERSION, 0, s->packet + 2,
406 s->packet_length-2, s, s->msg_callback_arg);
406 407
407 p = s->packet; 408 p = s->packet;
408 p += 5; 409 p += 5;
@@ -410,11 +411,15 @@ ssl23_get_client_hello(SSL *s)
410 n2s(p, sil); 411 n2s(p, sil);
411 n2s(p, cl); 412 n2s(p, cl);
412 d = (unsigned char *)s->init_buf->data; 413 d = (unsigned char *)s->init_buf->data;
413 if ((csl + sil + cl + 11) != s->packet_length) /* We can't have TLS extensions in SSL 2.0 format 414 if ((csl + sil + cl + 11) != s->packet_length)
414 * Client Hello, can we ? Error condition should be
415 * '>' otherweise */
416 { 415 {
417 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_RECORD_LENGTH_MISMATCH); 416 /*
417 * We can't have TLS extensions in SSL 2.0 format
418 * Client Hello, can we ? Error condition should be
419 * '>' otherwise
420 */
421 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,
422 SSL_R_RECORD_LENGTH_MISMATCH);
418 goto err; 423 goto err;
419 } 424 }
420 425
diff --git a/src/lib/libssl/src/ssl/ssl_asn1.c b/src/lib/libssl/src/ssl/ssl_asn1.c
index 51668db785..28e295f6a4 100644
--- a/src/lib/libssl/src/ssl/ssl_asn1.c
+++ b/src/lib/libssl/src/ssl/ssl_asn1.c
@@ -165,16 +165,9 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
165 l = in->cipher_id; 165 l = in->cipher_id;
166 else 166 else
167 l = in->cipher->id; 167 l = in->cipher->id;
168 if (in->ssl_version == SSL2_VERSION) { 168 a.cipher.length = 2;
169 a.cipher.length = 3; 169 buf[0] = ((unsigned char)(l >> 8L))&0xff;
170 buf[0] = ((unsigned char)(l >> 16L))&0xff; 170 buf[1] = ((unsigned char)(l ))&0xff;
171 buf[1] = ((unsigned char)(l >> 8L))&0xff;
172 buf[2] = ((unsigned char)(l ))&0xff;
173 } else {
174 a.cipher.length = 2;
175 buf[0] = ((unsigned char)(l >> 8L))&0xff;
176 buf[1] = ((unsigned char)(l ))&0xff;
177 }
178 171
179#ifndef OPENSSL_NO_COMP 172#ifndef OPENSSL_NO_COMP
180 if (in->compress_meth) { 173 if (in->compress_meth) {
@@ -400,16 +393,7 @@ long length)
400 os.data = NULL; 393 os.data = NULL;
401 os.length = 0; 394 os.length = 0;
402 M_ASN1_D2I_get_x(ASN1_OCTET_STRING, osp, d2i_ASN1_OCTET_STRING); 395 M_ASN1_D2I_get_x(ASN1_OCTET_STRING, osp, d2i_ASN1_OCTET_STRING);
403 if (ssl_version == SSL2_VERSION) { 396 if ((ssl_version >> 8) >= SSL3_VERSION_MAJOR) {
404 if (os.length != 3) {
405 c.error = SSL_R_CIPHER_CODE_WRONG_LENGTH;
406 goto err;
407 }
408 id = 0x02000000L|
409 ((unsigned long)os.data[0]<<16L)|
410 ((unsigned long)os.data[1]<< 8L)|
411 (unsigned long)os.data[2];
412 } else if ((ssl_version >> 8) >= SSL3_VERSION_MAJOR) {
413 if (os.length != 2) { 397 if (os.length != 2) {
414 c.error = SSL_R_CIPHER_CODE_WRONG_LENGTH; 398 c.error = SSL_R_CIPHER_CODE_WRONG_LENGTH;
415 goto err; 399 goto err;
@@ -426,10 +410,7 @@ long length)
426 ret->cipher_id = id; 410 ret->cipher_id = id;
427 411
428 M_ASN1_D2I_get_x(ASN1_OCTET_STRING, osp, d2i_ASN1_OCTET_STRING); 412 M_ASN1_D2I_get_x(ASN1_OCTET_STRING, osp, d2i_ASN1_OCTET_STRING);
429 if ((ssl_version >> 8) >= SSL3_VERSION_MAJOR) 413 i = SSL3_MAX_SSL_SESSION_ID_LENGTH;
430 i = SSL3_MAX_SSL_SESSION_ID_LENGTH;
431 else /* if (ssl_version>>8 == SSL2_VERSION_MAJOR) */
432 i = SSL2_MAX_SSL_SESSION_ID_LENGTH;
433 414
434 if (os.length > i) 415 if (os.length > i)
435 os.length = i; 416 os.length = i;
diff --git a/src/lib/libssl/src/ssl/ssl_lib.c b/src/lib/libssl/src/ssl/ssl_lib.c
index b5ba0f4aac..a0882e4521 100644
--- a/src/lib/libssl/src/ssl/ssl_lib.c
+++ b/src/lib/libssl/src/ssl/ssl_lib.c
@@ -250,7 +250,7 @@ SSL_clear(SSL *s)
250 return (1); 250 return (1);
251} 251}
252 252
253/** Used to change an SSL_CTXs default SSL method type */ 253/* Used to change an SSL_CTXs default SSL method type */
254int 254int
255SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) 255SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
256{ 256{
@@ -259,8 +259,7 @@ SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
259 ctx->method = meth; 259 ctx->method = meth;
260 260
261 sk = ssl_create_cipher_list(ctx->method, &(ctx->cipher_list), 261 sk = ssl_create_cipher_list(ctx->method, &(ctx->cipher_list),
262 &(ctx->cipher_list_by_id), 262 &(ctx->cipher_list_by_id), SSL_DEFAULT_CIPHER_LIST);
263 meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST);
264 if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) { 263 if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
265 SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); 264 SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
266 return (0); 265 return (0);
@@ -437,11 +436,13 @@ int
437SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, 436SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
438 unsigned int id_len) 437 unsigned int id_len)
439{ 438{
440 /* A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how 439 /*
441 * we can "construct" a session to give us the desired check - ie. to 440 * A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp
442 * find if there's a session in the hash table that would conflict with 441 * shows how we can "construct" a session to give us the desired
443 * any new session built out of this id/id_len and the ssl_version in 442 * check - ie. to find if there's a session in the hash table
444 * use by this SSL. */ 443 * that would conflict with any new session built out of this
444 * id/id_len and the ssl_version in use by this SSL.
445 */
445 SSL_SESSION r, *p; 446 SSL_SESSION r, *p;
446 447
447 if (id_len > sizeof r.session_id) 448 if (id_len > sizeof r.session_id)
@@ -450,16 +451,6 @@ SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
450 r.ssl_version = ssl->version; 451 r.ssl_version = ssl->version;
451 r.session_id_length = id_len; 452 r.session_id_length = id_len;
452 memcpy(r.session_id, id, id_len); 453 memcpy(r.session_id, id, id_len);
453 /* NB: SSLv2 always uses a fixed 16-byte session ID, so even if a
454 * callback is calling us to check the uniqueness of a shorter ID, it
455 * must be compared as a padded-out ID because that is what it will be
456 * converted to when the callback has finished choosing it. */
457 if ((r.ssl_version == SSL2_VERSION) &&
458 (id_len < SSL2_SSL_SESSION_ID_LENGTH)) {
459 memset(r.session_id + id_len, 0,
460 SSL2_SSL_SESSION_ID_LENGTH - id_len);
461 r.session_id_length = SSL2_SSL_SESSION_ID_LENGTH;
462 }
463 454
464 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); 455 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
465 p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r); 456 p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r);
@@ -1777,11 +1768,10 @@ SSL_CTX
1777 if (ret->cert_store == NULL) 1768 if (ret->cert_store == NULL)
1778 goto err; 1769 goto err;
1779 1770
1780 ssl_create_cipher_list(ret->method, 1771 ssl_create_cipher_list(ret->method, &ret->cipher_list,
1781 &ret->cipher_list, &ret->cipher_list_by_id, 1772 &ret->cipher_list_by_id, SSL_DEFAULT_CIPHER_LIST);
1782 meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST); 1773 if (ret->cipher_list == NULL ||
1783 if (ret->cipher_list == NULL 1774 sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
1784 || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
1785 SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS); 1775 SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
1786 goto err2; 1776 goto err2;
1787 } 1777 }
@@ -1790,10 +1780,6 @@ SSL_CTX
1790 if (!ret->param) 1780 if (!ret->param)
1791 goto err; 1781 goto err;
1792 1782
1793 if ((ret->rsa_md5 = EVP_get_digestbyname("ssl2-md5")) == NULL) {
1794 SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES);
1795 goto err2;
1796 }
1797 if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) { 1783 if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) {
1798 SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES); 1784 SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
1799 goto err2; 1785 goto err2;
@@ -2483,15 +2469,16 @@ SSL_get_error(const SSL *s, int i)
2483 if (BIO_should_read(bio)) 2469 if (BIO_should_read(bio))
2484 return (SSL_ERROR_WANT_READ); 2470 return (SSL_ERROR_WANT_READ);
2485 else if (BIO_should_write(bio)) 2471 else if (BIO_should_write(bio))
2486 /* This one doesn't make too much sense ... We never try 2472 /*
2487 * to write to the rbio, and an application program where 2473 * This one doesn't make too much sense... We never
2488 * rbio and wbio are separate couldn't even know what it 2474 * try to write to the rbio, and an application
2489 * should wait for. 2475 * program where rbio and wbio are separate couldn't
2490 * However if we ever set s->rwstate incorrectly 2476 * even know what it should wait for. However if we
2491 * (so that we have SSL_want_read(s) instead of 2477 * ever set s->rwstate incorrectly (so that we have
2492 * SSL_want_write(s)) and rbio and wbio *are* the same, 2478 * SSL_want_read(s) instead of SSL_want_write(s))
2493 * this test works around that bug; so it might be safer 2479 * and rbio and wbio *are* the same, this test works
2494 * to keep it. */ 2480 * around that bug; so it might be safer to keep it.
2481 */
2495 return (SSL_ERROR_WANT_WRITE); 2482 return (SSL_ERROR_WANT_WRITE);
2496 else if (BIO_should_io_special(bio)) { 2483 else if (BIO_should_io_special(bio)) {
2497 reason = BIO_get_retry_reason(bio); 2484 reason = BIO_get_retry_reason(bio);
@@ -2526,14 +2513,9 @@ SSL_get_error(const SSL *s, int i)
2526 } 2513 }
2527 2514
2528 if (i == 0) { 2515 if (i == 0) {
2529 if (s->version == SSL2_VERSION) { 2516 if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
2530 /* assume it is the socket being closed */ 2517 (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
2531 return (SSL_ERROR_ZERO_RETURN); 2518 return (SSL_ERROR_ZERO_RETURN);
2532 } else {
2533 if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
2534 (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
2535 return (SSL_ERROR_ZERO_RETURN);
2536 }
2537 } 2519 }
2538 return (SSL_ERROR_SYSCALL); 2520 return (SSL_ERROR_SYSCALL);
2539} 2521}
@@ -2605,15 +2587,15 @@ ssl_undefined_const_function(const SSL *s)
2605 return (0); 2587 return (0);
2606} 2588}
2607 2589
2608SSL_METHOD 2590SSL_METHOD *
2609*ssl_bad_method(int ver) 2591ssl_bad_method(int ver)
2610{ 2592{
2611 SSLerr(SSL_F_SSL_BAD_METHOD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2593 SSLerr(SSL_F_SSL_BAD_METHOD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2612 return (NULL); 2594 return (NULL);
2613} 2595}
2614 2596
2615const char 2597const char *
2616*SSL_get_version(const SSL *s) 2598SSL_get_version(const SSL *s)
2617{ 2599{
2618 if (s->version == TLS1_2_VERSION) 2600 if (s->version == TLS1_2_VERSION)
2619 return("TLSv1.2"); 2601 return("TLSv1.2");
@@ -2623,14 +2605,12 @@ const char
2623 return("TLSv1"); 2605 return("TLSv1");
2624 else if (s->version == SSL3_VERSION) 2606 else if (s->version == SSL3_VERSION)
2625 return("SSLv3"); 2607 return("SSLv3");
2626 else if (s->version == SSL2_VERSION)
2627 return("SSLv2");
2628 else 2608 else
2629 return("unknown"); 2609 return("unknown");
2630} 2610}
2631 2611
2632SSL 2612SSL *
2633*SSL_dup(SSL *s) 2613SSL_dup(SSL *s)
2634{ 2614{
2635 STACK_OF(X509_NAME) *sk; 2615 STACK_OF(X509_NAME) *sk;
2636 X509_NAME *xn; 2616 X509_NAME *xn;
diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h
index 203a47480f..e9c3a6bcd8 100644
--- a/src/lib/libssl/src/ssl/ssl_locl.h
+++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -521,7 +521,7 @@ typedef struct cert_st {
521 521
522 522
523typedef struct sess_cert_st { 523typedef struct sess_cert_st {
524 STACK_OF(X509) *cert_chain; /* as received from peer (not for SSL2) */ 524 STACK_OF(X509) *cert_chain; /* as received from peer */
525 525
526 /* The 'peer_...' members are used only by clients. */ 526 /* The 'peer_...' members are used only by clients. */
527 int peer_cert_type; 527 int peer_cert_type;
@@ -731,43 +731,6 @@ const SSL_METHOD *func_name(void) \
731 return &func_name##_data; \ 731 return &func_name##_data; \
732 } 732 }
733 733
734#define IMPLEMENT_ssl2_meth_func(func_name, s_accept, s_connect, s_get_meth) \
735const SSL_METHOD *func_name(void) \
736 { \
737 static const SSL_METHOD func_name##_data= { \
738 SSL2_VERSION, \
739 ssl2_new, /* local */ \
740 ssl2_clear, /* local */ \
741 ssl2_free, /* local */ \
742 s_accept, \
743 s_connect, \
744 ssl2_read, \
745 ssl2_peek, \
746 ssl2_write, \
747 ssl2_shutdown, \
748 ssl_ok, /* NULL - renegotiate */ \
749 ssl_ok, /* NULL - check renegotiate */ \
750 NULL, /* NULL - ssl_get_message */ \
751 NULL, /* NULL - ssl_get_record */ \
752 NULL, /* NULL - ssl_write_bytes */ \
753 NULL, /* NULL - dispatch_alert */ \
754 ssl2_ctrl, /* local */ \
755 ssl2_ctx_ctrl, /* local */ \
756 ssl2_get_cipher_by_char, \
757 ssl2_put_cipher_by_char, \
758 ssl2_pending, \
759 ssl2_num_ciphers, \
760 ssl2_get_cipher, \
761 s_get_meth, \
762 ssl2_default_timeout, \
763 &ssl3_undef_enc_method, \
764 ssl_undefined_void_function, \
765 ssl2_callback_ctrl, /* local */ \
766 ssl2_ctx_callback_ctrl, /* local */ \
767 }; \
768 return &func_name##_data; \
769 }
770
771#define IMPLEMENT_dtls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \ 734#define IMPLEMENT_dtls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \
772const SSL_METHOD *func_name(void) \ 735const SSL_METHOD *func_name(void) \
773 { \ 736 { \
diff --git a/src/lib/libssl/src/ssl/ssl_sess.c b/src/lib/libssl/src/ssl/ssl_sess.c
index b29115862b..0b1c655820 100644
--- a/src/lib/libssl/src/ssl/ssl_sess.c
+++ b/src/lib/libssl/src/ssl/ssl_sess.c
@@ -301,29 +301,19 @@ ssl_get_new_session(SSL *s, int session)
301 } 301 }
302 302
303 if (session) { 303 if (session) {
304 if (s->version == SSL2_VERSION) { 304 switch (s->version) {
305 ss->ssl_version = SSL2_VERSION; 305 case SSL3_VERSION:
306 ss->session_id_length = SSL2_SSL_SESSION_ID_LENGTH; 306 case TLS1_VERSION:
307 } else if (s->version == SSL3_VERSION) { 307 case TLS1_1_VERSION:
308 ss->ssl_version = SSL3_VERSION; 308 case TLS1_2_VERSION:
309 case DTLS1_BAD_VER:
310 case DTLS1_VERSION:
311 ss->ssl_version = s->version;
309 ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; 312 ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
310 } else if (s->version == TLS1_VERSION) { 313 break;
311 ss->ssl_version = TLS1_VERSION; 314 default:
312 ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; 315 SSLerr(SSL_F_SSL_GET_NEW_SESSION,
313 } else if (s->version == TLS1_1_VERSION) { 316 SSL_R_UNSUPPORTED_SSL_VERSION);
314 ss->ssl_version = TLS1_1_VERSION;
315 ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
316 } else if (s->version == TLS1_2_VERSION) {
317 ss->ssl_version = TLS1_2_VERSION;
318 ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
319 } else if (s->version == DTLS1_BAD_VER) {
320 ss->ssl_version = DTLS1_BAD_VER;
321 ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
322 } else if (s->version == DTLS1_VERSION) {
323 ss->ssl_version = DTLS1_VERSION;
324 ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
325 } else {
326 SSLerr(SSL_F_SSL_GET_NEW_SESSION, SSL_R_UNSUPPORTED_SSL_VERSION);
327 SSL_SESSION_free(ss); 317 SSL_SESSION_free(ss);
328 return (0); 318 return (0);
329 } 319 }
@@ -359,11 +349,7 @@ ssl_get_new_session(SSL *s, int session)
359 SSL_SESSION_free(ss); 349 SSL_SESSION_free(ss);
360 return (0); 350 return (0);
361 } 351 }
362 /* If the session length was shrunk and we're SSLv2, pad it */ 352 ss->session_id_length = tmp;
363 if ((tmp < ss->session_id_length) && (s->version == SSL2_VERSION))
364 memset(ss->session_id + tmp, 0, ss->session_id_length - tmp);
365 else
366 ss->session_id_length = tmp;
367 /* Finally, check for a conflict */ 353 /* Finally, check for a conflict */
368 if (SSL_has_matching_session_id(s, ss->session_id, 354 if (SSL_has_matching_session_id(s, ss->session_id,
369 ss->session_id_length)) { 355 ss->session_id_length)) {
diff --git a/src/lib/libssl/src/ssl/ssl_txt.c b/src/lib/libssl/src/ssl/ssl_txt.c
index 5186e396ec..91664ffe43 100644
--- a/src/lib/libssl/src/ssl/ssl_txt.c
+++ b/src/lib/libssl/src/ssl/ssl_txt.c
@@ -114,9 +114,7 @@ SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
114 goto err; 114 goto err;
115 if (BIO_puts(bp, "SSL-Session:\n") 115 if (BIO_puts(bp, "SSL-Session:\n")
116 <= 0) goto err; 116 <= 0) goto err;
117 if (x->ssl_version == SSL2_VERSION) 117 if (x->ssl_version == SSL3_VERSION)
118 s="SSLv2";
119 else if (x->ssl_version == SSL3_VERSION)
120 s="SSLv3"; 118 s="SSLv3";
121 else if (x->ssl_version == TLS1_2_VERSION) 119 else if (x->ssl_version == TLS1_2_VERSION)
122 s="TLSv1.2"; 120 s="TLSv1.2";
diff --git a/src/lib/libssl/ssl_asn1.c b/src/lib/libssl/ssl_asn1.c
index 51668db785..28e295f6a4 100644
--- a/src/lib/libssl/ssl_asn1.c
+++ b/src/lib/libssl/ssl_asn1.c
@@ -165,16 +165,9 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
165 l = in->cipher_id; 165 l = in->cipher_id;
166 else 166 else
167 l = in->cipher->id; 167 l = in->cipher->id;
168 if (in->ssl_version == SSL2_VERSION) { 168 a.cipher.length = 2;
169 a.cipher.length = 3; 169 buf[0] = ((unsigned char)(l >> 8L))&0xff;
170 buf[0] = ((unsigned char)(l >> 16L))&0xff; 170 buf[1] = ((unsigned char)(l ))&0xff;
171 buf[1] = ((unsigned char)(l >> 8L))&0xff;
172 buf[2] = ((unsigned char)(l ))&0xff;
173 } else {
174 a.cipher.length = 2;
175 buf[0] = ((unsigned char)(l >> 8L))&0xff;
176 buf[1] = ((unsigned char)(l ))&0xff;
177 }
178 171
179#ifndef OPENSSL_NO_COMP 172#ifndef OPENSSL_NO_COMP
180 if (in->compress_meth) { 173 if (in->compress_meth) {
@@ -400,16 +393,7 @@ long length)
400 os.data = NULL; 393 os.data = NULL;
401 os.length = 0; 394 os.length = 0;
402 M_ASN1_D2I_get_x(ASN1_OCTET_STRING, osp, d2i_ASN1_OCTET_STRING); 395 M_ASN1_D2I_get_x(ASN1_OCTET_STRING, osp, d2i_ASN1_OCTET_STRING);
403 if (ssl_version == SSL2_VERSION) { 396 if ((ssl_version >> 8) >= SSL3_VERSION_MAJOR) {
404 if (os.length != 3) {
405 c.error = SSL_R_CIPHER_CODE_WRONG_LENGTH;
406 goto err;
407 }
408 id = 0x02000000L|
409 ((unsigned long)os.data[0]<<16L)|
410 ((unsigned long)os.data[1]<< 8L)|
411 (unsigned long)os.data[2];
412 } else if ((ssl_version >> 8) >= SSL3_VERSION_MAJOR) {
413 if (os.length != 2) { 397 if (os.length != 2) {
414 c.error = SSL_R_CIPHER_CODE_WRONG_LENGTH; 398 c.error = SSL_R_CIPHER_CODE_WRONG_LENGTH;
415 goto err; 399 goto err;
@@ -426,10 +410,7 @@ long length)
426 ret->cipher_id = id; 410 ret->cipher_id = id;
427 411
428 M_ASN1_D2I_get_x(ASN1_OCTET_STRING, osp, d2i_ASN1_OCTET_STRING); 412 M_ASN1_D2I_get_x(ASN1_OCTET_STRING, osp, d2i_ASN1_OCTET_STRING);
429 if ((ssl_version >> 8) >= SSL3_VERSION_MAJOR) 413 i = SSL3_MAX_SSL_SESSION_ID_LENGTH;
430 i = SSL3_MAX_SSL_SESSION_ID_LENGTH;
431 else /* if (ssl_version>>8 == SSL2_VERSION_MAJOR) */
432 i = SSL2_MAX_SSL_SESSION_ID_LENGTH;
433 414
434 if (os.length > i) 415 if (os.length > i)
435 os.length = i; 416 os.length = i;
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index b5ba0f4aac..a0882e4521 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -250,7 +250,7 @@ SSL_clear(SSL *s)
250 return (1); 250 return (1);
251} 251}
252 252
253/** Used to change an SSL_CTXs default SSL method type */ 253/* Used to change an SSL_CTXs default SSL method type */
254int 254int
255SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) 255SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
256{ 256{
@@ -259,8 +259,7 @@ SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
259 ctx->method = meth; 259 ctx->method = meth;
260 260
261 sk = ssl_create_cipher_list(ctx->method, &(ctx->cipher_list), 261 sk = ssl_create_cipher_list(ctx->method, &(ctx->cipher_list),
262 &(ctx->cipher_list_by_id), 262 &(ctx->cipher_list_by_id), SSL_DEFAULT_CIPHER_LIST);
263 meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST);
264 if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) { 263 if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
265 SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); 264 SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
266 return (0); 265 return (0);
@@ -437,11 +436,13 @@ int
437SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, 436SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
438 unsigned int id_len) 437 unsigned int id_len)
439{ 438{
440 /* A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how 439 /*
441 * we can "construct" a session to give us the desired check - ie. to 440 * A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp
442 * find if there's a session in the hash table that would conflict with 441 * shows how we can "construct" a session to give us the desired
443 * any new session built out of this id/id_len and the ssl_version in 442 * check - ie. to find if there's a session in the hash table
444 * use by this SSL. */ 443 * that would conflict with any new session built out of this
444 * id/id_len and the ssl_version in use by this SSL.
445 */
445 SSL_SESSION r, *p; 446 SSL_SESSION r, *p;
446 447
447 if (id_len > sizeof r.session_id) 448 if (id_len > sizeof r.session_id)
@@ -450,16 +451,6 @@ SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
450 r.ssl_version = ssl->version; 451 r.ssl_version = ssl->version;
451 r.session_id_length = id_len; 452 r.session_id_length = id_len;
452 memcpy(r.session_id, id, id_len); 453 memcpy(r.session_id, id, id_len);
453 /* NB: SSLv2 always uses a fixed 16-byte session ID, so even if a
454 * callback is calling us to check the uniqueness of a shorter ID, it
455 * must be compared as a padded-out ID because that is what it will be
456 * converted to when the callback has finished choosing it. */
457 if ((r.ssl_version == SSL2_VERSION) &&
458 (id_len < SSL2_SSL_SESSION_ID_LENGTH)) {
459 memset(r.session_id + id_len, 0,
460 SSL2_SSL_SESSION_ID_LENGTH - id_len);
461 r.session_id_length = SSL2_SSL_SESSION_ID_LENGTH;
462 }
463 454
464 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); 455 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
465 p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r); 456 p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r);
@@ -1777,11 +1768,10 @@ SSL_CTX
1777 if (ret->cert_store == NULL) 1768 if (ret->cert_store == NULL)
1778 goto err; 1769 goto err;
1779 1770
1780 ssl_create_cipher_list(ret->method, 1771 ssl_create_cipher_list(ret->method, &ret->cipher_list,
1781 &ret->cipher_list, &ret->cipher_list_by_id, 1772 &ret->cipher_list_by_id, SSL_DEFAULT_CIPHER_LIST);
1782 meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST); 1773 if (ret->cipher_list == NULL ||
1783 if (ret->cipher_list == NULL 1774 sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
1784 || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
1785 SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS); 1775 SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
1786 goto err2; 1776 goto err2;
1787 } 1777 }
@@ -1790,10 +1780,6 @@ SSL_CTX
1790 if (!ret->param) 1780 if (!ret->param)
1791 goto err; 1781 goto err;
1792 1782
1793 if ((ret->rsa_md5 = EVP_get_digestbyname("ssl2-md5")) == NULL) {
1794 SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES);
1795 goto err2;
1796 }
1797 if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) { 1783 if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) {
1798 SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES); 1784 SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
1799 goto err2; 1785 goto err2;
@@ -2483,15 +2469,16 @@ SSL_get_error(const SSL *s, int i)
2483 if (BIO_should_read(bio)) 2469 if (BIO_should_read(bio))
2484 return (SSL_ERROR_WANT_READ); 2470 return (SSL_ERROR_WANT_READ);
2485 else if (BIO_should_write(bio)) 2471 else if (BIO_should_write(bio))
2486 /* This one doesn't make too much sense ... We never try 2472 /*
2487 * to write to the rbio, and an application program where 2473 * This one doesn't make too much sense... We never
2488 * rbio and wbio are separate couldn't even know what it 2474 * try to write to the rbio, and an application
2489 * should wait for. 2475 * program where rbio and wbio are separate couldn't
2490 * However if we ever set s->rwstate incorrectly 2476 * even know what it should wait for. However if we
2491 * (so that we have SSL_want_read(s) instead of 2477 * ever set s->rwstate incorrectly (so that we have
2492 * SSL_want_write(s)) and rbio and wbio *are* the same, 2478 * SSL_want_read(s) instead of SSL_want_write(s))
2493 * this test works around that bug; so it might be safer 2479 * and rbio and wbio *are* the same, this test works
2494 * to keep it. */ 2480 * around that bug; so it might be safer to keep it.
2481 */
2495 return (SSL_ERROR_WANT_WRITE); 2482 return (SSL_ERROR_WANT_WRITE);
2496 else if (BIO_should_io_special(bio)) { 2483 else if (BIO_should_io_special(bio)) {
2497 reason = BIO_get_retry_reason(bio); 2484 reason = BIO_get_retry_reason(bio);
@@ -2526,14 +2513,9 @@ SSL_get_error(const SSL *s, int i)
2526 } 2513 }
2527 2514
2528 if (i == 0) { 2515 if (i == 0) {
2529 if (s->version == SSL2_VERSION) { 2516 if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
2530 /* assume it is the socket being closed */ 2517 (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
2531 return (SSL_ERROR_ZERO_RETURN); 2518 return (SSL_ERROR_ZERO_RETURN);
2532 } else {
2533 if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
2534 (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
2535 return (SSL_ERROR_ZERO_RETURN);
2536 }
2537 } 2519 }
2538 return (SSL_ERROR_SYSCALL); 2520 return (SSL_ERROR_SYSCALL);
2539} 2521}
@@ -2605,15 +2587,15 @@ ssl_undefined_const_function(const SSL *s)
2605 return (0); 2587 return (0);
2606} 2588}
2607 2589
2608SSL_METHOD 2590SSL_METHOD *
2609*ssl_bad_method(int ver) 2591ssl_bad_method(int ver)
2610{ 2592{
2611 SSLerr(SSL_F_SSL_BAD_METHOD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2593 SSLerr(SSL_F_SSL_BAD_METHOD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2612 return (NULL); 2594 return (NULL);
2613} 2595}
2614 2596
2615const char 2597const char *
2616*SSL_get_version(const SSL *s) 2598SSL_get_version(const SSL *s)
2617{ 2599{
2618 if (s->version == TLS1_2_VERSION) 2600 if (s->version == TLS1_2_VERSION)
2619 return("TLSv1.2"); 2601 return("TLSv1.2");
@@ -2623,14 +2605,12 @@ const char
2623 return("TLSv1"); 2605 return("TLSv1");
2624 else if (s->version == SSL3_VERSION) 2606 else if (s->version == SSL3_VERSION)
2625 return("SSLv3"); 2607 return("SSLv3");
2626 else if (s->version == SSL2_VERSION)
2627 return("SSLv2");
2628 else 2608 else
2629 return("unknown"); 2609 return("unknown");
2630} 2610}
2631 2611
2632SSL 2612SSL *
2633*SSL_dup(SSL *s) 2613SSL_dup(SSL *s)
2634{ 2614{
2635 STACK_OF(X509_NAME) *sk; 2615 STACK_OF(X509_NAME) *sk;
2636 X509_NAME *xn; 2616 X509_NAME *xn;
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 203a47480f..e9c3a6bcd8 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -521,7 +521,7 @@ typedef struct cert_st {
521 521
522 522
523typedef struct sess_cert_st { 523typedef struct sess_cert_st {
524 STACK_OF(X509) *cert_chain; /* as received from peer (not for SSL2) */ 524 STACK_OF(X509) *cert_chain; /* as received from peer */
525 525
526 /* The 'peer_...' members are used only by clients. */ 526 /* The 'peer_...' members are used only by clients. */
527 int peer_cert_type; 527 int peer_cert_type;
@@ -731,43 +731,6 @@ const SSL_METHOD *func_name(void) \
731 return &func_name##_data; \ 731 return &func_name##_data; \
732 } 732 }
733 733
734#define IMPLEMENT_ssl2_meth_func(func_name, s_accept, s_connect, s_get_meth) \
735const SSL_METHOD *func_name(void) \
736 { \
737 static const SSL_METHOD func_name##_data= { \
738 SSL2_VERSION, \
739 ssl2_new, /* local */ \
740 ssl2_clear, /* local */ \
741 ssl2_free, /* local */ \
742 s_accept, \
743 s_connect, \
744 ssl2_read, \
745 ssl2_peek, \
746 ssl2_write, \
747 ssl2_shutdown, \
748 ssl_ok, /* NULL - renegotiate */ \
749 ssl_ok, /* NULL - check renegotiate */ \
750 NULL, /* NULL - ssl_get_message */ \
751 NULL, /* NULL - ssl_get_record */ \
752 NULL, /* NULL - ssl_write_bytes */ \
753 NULL, /* NULL - dispatch_alert */ \
754 ssl2_ctrl, /* local */ \
755 ssl2_ctx_ctrl, /* local */ \
756 ssl2_get_cipher_by_char, \
757 ssl2_put_cipher_by_char, \
758 ssl2_pending, \
759 ssl2_num_ciphers, \
760 ssl2_get_cipher, \
761 s_get_meth, \
762 ssl2_default_timeout, \
763 &ssl3_undef_enc_method, \
764 ssl_undefined_void_function, \
765 ssl2_callback_ctrl, /* local */ \
766 ssl2_ctx_callback_ctrl, /* local */ \
767 }; \
768 return &func_name##_data; \
769 }
770
771#define IMPLEMENT_dtls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \ 734#define IMPLEMENT_dtls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \
772const SSL_METHOD *func_name(void) \ 735const SSL_METHOD *func_name(void) \
773 { \ 736 { \
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c
index b29115862b..0b1c655820 100644
--- a/src/lib/libssl/ssl_sess.c
+++ b/src/lib/libssl/ssl_sess.c
@@ -301,29 +301,19 @@ ssl_get_new_session(SSL *s, int session)
301 } 301 }
302 302
303 if (session) { 303 if (session) {
304 if (s->version == SSL2_VERSION) { 304 switch (s->version) {
305 ss->ssl_version = SSL2_VERSION; 305 case SSL3_VERSION:
306 ss->session_id_length = SSL2_SSL_SESSION_ID_LENGTH; 306 case TLS1_VERSION:
307 } else if (s->version == SSL3_VERSION) { 307 case TLS1_1_VERSION:
308 ss->ssl_version = SSL3_VERSION; 308 case TLS1_2_VERSION:
309 case DTLS1_BAD_VER:
310 case DTLS1_VERSION:
311 ss->ssl_version = s->version;
309 ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; 312 ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
310 } else if (s->version == TLS1_VERSION) { 313 break;
311 ss->ssl_version = TLS1_VERSION; 314 default:
312 ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; 315 SSLerr(SSL_F_SSL_GET_NEW_SESSION,
313 } else if (s->version == TLS1_1_VERSION) { 316 SSL_R_UNSUPPORTED_SSL_VERSION);
314 ss->ssl_version = TLS1_1_VERSION;
315 ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
316 } else if (s->version == TLS1_2_VERSION) {
317 ss->ssl_version = TLS1_2_VERSION;
318 ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
319 } else if (s->version == DTLS1_BAD_VER) {
320 ss->ssl_version = DTLS1_BAD_VER;
321 ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
322 } else if (s->version == DTLS1_VERSION) {
323 ss->ssl_version = DTLS1_VERSION;
324 ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
325 } else {
326 SSLerr(SSL_F_SSL_GET_NEW_SESSION, SSL_R_UNSUPPORTED_SSL_VERSION);
327 SSL_SESSION_free(ss); 317 SSL_SESSION_free(ss);
328 return (0); 318 return (0);
329 } 319 }
@@ -359,11 +349,7 @@ ssl_get_new_session(SSL *s, int session)
359 SSL_SESSION_free(ss); 349 SSL_SESSION_free(ss);
360 return (0); 350 return (0);
361 } 351 }
362 /* If the session length was shrunk and we're SSLv2, pad it */ 352 ss->session_id_length = tmp;
363 if ((tmp < ss->session_id_length) && (s->version == SSL2_VERSION))
364 memset(ss->session_id + tmp, 0, ss->session_id_length - tmp);
365 else
366 ss->session_id_length = tmp;
367 /* Finally, check for a conflict */ 353 /* Finally, check for a conflict */
368 if (SSL_has_matching_session_id(s, ss->session_id, 354 if (SSL_has_matching_session_id(s, ss->session_id,
369 ss->session_id_length)) { 355 ss->session_id_length)) {
diff --git a/src/lib/libssl/ssl_txt.c b/src/lib/libssl/ssl_txt.c
index 5186e396ec..91664ffe43 100644
--- a/src/lib/libssl/ssl_txt.c
+++ b/src/lib/libssl/ssl_txt.c
@@ -114,9 +114,7 @@ SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
114 goto err; 114 goto err;
115 if (BIO_puts(bp, "SSL-Session:\n") 115 if (BIO_puts(bp, "SSL-Session:\n")
116 <= 0) goto err; 116 <= 0) goto err;
117 if (x->ssl_version == SSL2_VERSION) 117 if (x->ssl_version == SSL3_VERSION)
118 s="SSLv2";
119 else if (x->ssl_version == SSL3_VERSION)
120 s="SSLv3"; 118 s="SSLv3";
121 else if (x->ssl_version == TLS1_2_VERSION) 119 else if (x->ssl_version == TLS1_2_VERSION)
122 s="TLSv1.2"; 120 s="TLSv1.2";
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-22 17:40:55 +0000