diff options
| author | cvs2svn <admin@example.com> | 2015-03-08 16:48:49 +0000 |
|---|---|---|
| committer | cvs2svn <admin@example.com> | 2015-03-08 16:48:49 +0000 |
| commit | decf84ba5550c1656a7fdb51b5b81969590c3f03 (patch) | |
| tree | 44872802e872bdfd60730fa9cf01d9d5751251c1 /src/lib/libssl/s23_clnt.c | |
| parent | 7a8f138352aa4eb7b65ac4b1a5fe7630fbee1427 (diff) | |
| download | openbsd-libressl-v2.1.5.tar.gz openbsd-libressl-v2.1.5.tar.bz2 openbsd-libressl-v2.1.5.zip | |
This commit was manufactured by cvs2git to create branch 'OPENBSD_5_7'.libressl-v2.1.5
Diffstat (limited to 'src/lib/libssl/s23_clnt.c')
| -rw-r--r-- | src/lib/libssl/s23_clnt.c | 567 |
1 files changed, 0 insertions, 567 deletions
diff --git a/src/lib/libssl/s23_clnt.c b/src/lib/libssl/s23_clnt.c deleted file mode 100644 index 4159ae0580..0000000000 --- a/src/lib/libssl/s23_clnt.c +++ /dev/null | |||
| @@ -1,567 +0,0 @@ | |||
| 1 | /* $OpenBSD: s23_clnt.c,v 1.36 2015/02/06 08:30:23 jsing Exp $ */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
| 58 | /* ==================================================================== | ||
| 59 | * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. | ||
| 60 | * | ||
| 61 | * Redistribution and use in source and binary forms, with or without | ||
| 62 | * modification, are permitted provided that the following conditions | ||
| 63 | * are met: | ||
| 64 | * | ||
| 65 | * 1. Redistributions of source code must retain the above copyright | ||
| 66 | * notice, this list of conditions and the following disclaimer. | ||
| 67 | * | ||
| 68 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 69 | * notice, this list of conditions and the following disclaimer in | ||
| 70 | * the documentation and/or other materials provided with the | ||
| 71 | * distribution. | ||
| 72 | * | ||
| 73 | * 3. All advertising materials mentioning features or use of this | ||
| 74 | * software must display the following acknowledgment: | ||
| 75 | * "This product includes software developed by the OpenSSL Project | ||
| 76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
| 77 | * | ||
| 78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 79 | * endorse or promote products derived from this software without | ||
| 80 | * prior written permission. For written permission, please contact | ||
| 81 | * openssl-core@openssl.org. | ||
| 82 | * | ||
| 83 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 84 | * nor may "OpenSSL" appear in their names without prior written | ||
| 85 | * permission of the OpenSSL Project. | ||
| 86 | * | ||
| 87 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 88 | * acknowledgment: | ||
| 89 | * "This product includes software developed by the OpenSSL Project | ||
| 90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
| 91 | * | ||
| 92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 104 | * ==================================================================== | ||
| 105 | * | ||
| 106 | * This product includes cryptographic software written by Eric Young | ||
| 107 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 108 | * Hudson (tjh@cryptsoft.com). | ||
| 109 | * | ||
| 110 | */ | ||
| 111 | |||
| 112 | #include <stdio.h> | ||
| 113 | |||
| 114 | #include "ssl_locl.h" | ||
| 115 | |||
| 116 | #include <openssl/buffer.h> | ||
| 117 | #include <openssl/evp.h> | ||
| 118 | #include <openssl/objects.h> | ||
| 119 | |||
| 120 | static const SSL_METHOD *ssl23_get_client_method(int ver); | ||
| 121 | static int ssl23_client_hello(SSL *s); | ||
| 122 | static int ssl23_get_server_hello(SSL *s); | ||
| 123 | |||
| 124 | const SSL_METHOD SSLv23_client_method_data = { | ||
| 125 | .version = TLS1_2_VERSION, | ||
| 126 | .ssl_new = tls1_new, | ||
| 127 | .ssl_clear = tls1_clear, | ||
| 128 | .ssl_free = tls1_free, | ||
| 129 | .ssl_accept = ssl_undefined_function, | ||
| 130 | .ssl_connect = ssl23_connect, | ||
| 131 | .ssl_read = ssl23_read, | ||
| 132 | .ssl_peek = ssl23_peek, | ||
| 133 | .ssl_write = ssl23_write, | ||
| 134 | .ssl_shutdown = ssl_undefined_function, | ||
| 135 | .ssl_renegotiate = ssl_undefined_function, | ||
| 136 | .ssl_renegotiate_check = ssl_ok, | ||
| 137 | .ssl_get_message = ssl3_get_message, | ||
| 138 | .ssl_read_bytes = ssl3_read_bytes, | ||
| 139 | .ssl_write_bytes = ssl3_write_bytes, | ||
| 140 | .ssl_dispatch_alert = ssl3_dispatch_alert, | ||
| 141 | .ssl_ctrl = ssl3_ctrl, | ||
| 142 | .ssl_ctx_ctrl = ssl3_ctx_ctrl, | ||
| 143 | .get_cipher_by_char = ssl3_get_cipher_by_char, | ||
| 144 | .put_cipher_by_char = ssl3_put_cipher_by_char, | ||
| 145 | .ssl_pending = ssl_undefined_const_function, | ||
| 146 | .num_ciphers = ssl3_num_ciphers, | ||
| 147 | .get_cipher = ssl3_get_cipher, | ||
| 148 | .get_ssl_method = ssl23_get_client_method, | ||
| 149 | .get_timeout = ssl23_default_timeout, | ||
| 150 | .ssl3_enc = &ssl3_undef_enc_method, | ||
| 151 | .ssl_version = ssl_undefined_void_function, | ||
| 152 | .ssl_callback_ctrl = ssl3_callback_ctrl, | ||
| 153 | .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl, | ||
| 154 | }; | ||
| 155 | |||
| 156 | const SSL_METHOD * | ||
| 157 | SSLv23_client_method(void) | ||
| 158 | { | ||
| 159 | return &SSLv23_client_method_data; | ||
| 160 | } | ||
| 161 | |||
| 162 | static const SSL_METHOD * | ||
| 163 | ssl23_get_client_method(int ver) | ||
| 164 | { | ||
| 165 | if (ver == SSL3_VERSION) | ||
| 166 | return (SSLv3_client_method()); | ||
| 167 | if (ver == TLS1_VERSION) | ||
| 168 | return (TLSv1_client_method()); | ||
| 169 | if (ver == TLS1_1_VERSION) | ||
| 170 | return (TLSv1_1_client_method()); | ||
| 171 | if (ver == TLS1_2_VERSION) | ||
| 172 | return (TLSv1_2_client_method()); | ||
| 173 | return (NULL); | ||
| 174 | } | ||
| 175 | |||
| 176 | int | ||
| 177 | ssl23_connect(SSL *s) | ||
| 178 | { | ||
| 179 | BUF_MEM *buf = NULL; | ||
| 180 | void (*cb)(const SSL *ssl, int type, int val) = NULL; | ||
| 181 | int ret = -1; | ||
| 182 | int new_state, state; | ||
| 183 | |||
| 184 | ERR_clear_error(); | ||
| 185 | errno = 0; | ||
| 186 | |||
| 187 | if (s->info_callback != NULL) | ||
| 188 | cb = s->info_callback; | ||
| 189 | else if (s->ctx->info_callback != NULL) | ||
| 190 | cb = s->ctx->info_callback; | ||
| 191 | |||
| 192 | s->in_handshake++; | ||
| 193 | if (!SSL_in_init(s) || SSL_in_before(s)) | ||
| 194 | SSL_clear(s); | ||
| 195 | |||
| 196 | for (;;) { | ||
| 197 | state = s->state; | ||
| 198 | |||
| 199 | switch (s->state) { | ||
| 200 | case SSL_ST_BEFORE: | ||
| 201 | case SSL_ST_CONNECT: | ||
| 202 | case SSL_ST_BEFORE|SSL_ST_CONNECT: | ||
| 203 | case SSL_ST_OK|SSL_ST_CONNECT: | ||
| 204 | |||
| 205 | if (s->session != NULL) { | ||
| 206 | SSLerr(SSL_F_SSL23_CONNECT, SSL_R_SSL23_DOING_SESSION_ID_REUSE); | ||
| 207 | ret = -1; | ||
| 208 | goto end; | ||
| 209 | } | ||
| 210 | s->server = 0; | ||
| 211 | if (cb != NULL) | ||
| 212 | cb(s, SSL_CB_HANDSHAKE_START, 1); | ||
| 213 | |||
| 214 | /* s->version=TLS1_VERSION; */ | ||
| 215 | s->type = SSL_ST_CONNECT; | ||
| 216 | |||
| 217 | if (s->init_buf == NULL) { | ||
| 218 | if ((buf = BUF_MEM_new()) == NULL) { | ||
| 219 | ret = -1; | ||
| 220 | goto end; | ||
| 221 | } | ||
| 222 | if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) { | ||
| 223 | ret = -1; | ||
| 224 | goto end; | ||
| 225 | } | ||
| 226 | s->init_buf = buf; | ||
| 227 | buf = NULL; | ||
| 228 | } | ||
| 229 | |||
| 230 | if (!ssl3_setup_buffers(s)) { | ||
| 231 | ret = -1; | ||
| 232 | goto end; | ||
| 233 | } | ||
| 234 | |||
| 235 | if (!ssl3_init_finished_mac(s)) { | ||
| 236 | ret = -1; | ||
| 237 | goto end; | ||
| 238 | } | ||
| 239 | |||
| 240 | s->state = SSL23_ST_CW_CLNT_HELLO_A; | ||
| 241 | s->ctx->stats.sess_connect++; | ||
| 242 | s->init_num = 0; | ||
| 243 | break; | ||
| 244 | |||
| 245 | case SSL23_ST_CW_CLNT_HELLO_A: | ||
| 246 | case SSL23_ST_CW_CLNT_HELLO_B: | ||
| 247 | |||
| 248 | s->shutdown = 0; | ||
| 249 | ret = ssl23_client_hello(s); | ||
| 250 | if (ret <= 0) | ||
| 251 | goto end; | ||
| 252 | s->state = SSL23_ST_CR_SRVR_HELLO_A; | ||
| 253 | s->init_num = 0; | ||
| 254 | |||
| 255 | break; | ||
| 256 | |||
| 257 | case SSL23_ST_CR_SRVR_HELLO_A: | ||
| 258 | case SSL23_ST_CR_SRVR_HELLO_B: | ||
| 259 | ret = ssl23_get_server_hello(s); | ||
| 260 | if (ret >= 0) | ||
| 261 | cb = NULL; | ||
| 262 | goto end; | ||
| 263 | /* break; */ | ||
| 264 | |||
| 265 | default: | ||
| 266 | SSLerr(SSL_F_SSL23_CONNECT, SSL_R_UNKNOWN_STATE); | ||
| 267 | ret = -1; | ||
| 268 | goto end; | ||
| 269 | /* break; */ | ||
| 270 | } | ||
| 271 | |||
| 272 | if (s->debug) { | ||
| 273 | (void)BIO_flush(s->wbio); | ||
| 274 | } | ||
| 275 | |||
| 276 | if ((cb != NULL) && (s->state != state)) { | ||
| 277 | new_state = s->state; | ||
| 278 | s->state = state; | ||
| 279 | cb(s, SSL_CB_CONNECT_LOOP, 1); | ||
| 280 | s->state = new_state; | ||
| 281 | } | ||
| 282 | } | ||
| 283 | end: | ||
| 284 | s->in_handshake--; | ||
| 285 | if (buf != NULL) | ||
| 286 | BUF_MEM_free(buf); | ||
| 287 | if (cb != NULL) | ||
| 288 | cb(s, SSL_CB_CONNECT_EXIT, ret); | ||
| 289 | return (ret); | ||
| 290 | } | ||
| 291 | |||
| 292 | static int | ||
| 293 | ssl23_client_hello(SSL *s) | ||
| 294 | { | ||
| 295 | unsigned char *buf; | ||
| 296 | unsigned char *p, *d; | ||
| 297 | int i; | ||
| 298 | unsigned long l; | ||
| 299 | int version = 0, version_major, version_minor; | ||
| 300 | int ret; | ||
| 301 | unsigned long mask, options = s->options; | ||
| 302 | |||
| 303 | /* | ||
| 304 | * SSL_OP_NO_X disables all protocols above X *if* there are | ||
| 305 | * some protocols below X enabled. This is required in order | ||
| 306 | * to maintain "version capability" vector contiguous. So | ||
| 307 | * that if application wants to disable TLS1.0 in favour of | ||
| 308 | * TLS1>=1, it would be insufficient to pass SSL_NO_TLSv1, the | ||
| 309 | * answer is SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2. | ||
| 310 | */ | ||
| 311 | mask = SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3; | ||
| 312 | version = TLS1_2_VERSION; | ||
| 313 | |||
| 314 | if ((options & SSL_OP_NO_TLSv1_2) && (options & mask) != mask) | ||
| 315 | version = TLS1_1_VERSION; | ||
| 316 | mask &= ~SSL_OP_NO_TLSv1_1; | ||
| 317 | if ((options & SSL_OP_NO_TLSv1_1) && (options & mask) != mask) | ||
| 318 | version = TLS1_VERSION; | ||
| 319 | mask &= ~SSL_OP_NO_TLSv1; | ||
| 320 | if ((options & SSL_OP_NO_TLSv1) && (options & mask) != mask) | ||
| 321 | version = SSL3_VERSION; | ||
| 322 | mask &= ~SSL_OP_NO_SSLv3; | ||
| 323 | |||
| 324 | buf = (unsigned char *)s->init_buf->data; | ||
| 325 | if (s->state == SSL23_ST_CW_CLNT_HELLO_A) { | ||
| 326 | arc4random_buf(s->s3->client_random, SSL3_RANDOM_SIZE); | ||
| 327 | |||
| 328 | if (version == TLS1_2_VERSION) { | ||
| 329 | version_major = TLS1_2_VERSION_MAJOR; | ||
| 330 | version_minor = TLS1_2_VERSION_MINOR; | ||
| 331 | } else if (version == TLS1_1_VERSION) { | ||
| 332 | version_major = TLS1_1_VERSION_MAJOR; | ||
| 333 | version_minor = TLS1_1_VERSION_MINOR; | ||
| 334 | } else if (version == TLS1_VERSION) { | ||
| 335 | version_major = TLS1_VERSION_MAJOR; | ||
| 336 | version_minor = TLS1_VERSION_MINOR; | ||
| 337 | } else if (version == SSL3_VERSION) { | ||
| 338 | version_major = SSL3_VERSION_MAJOR; | ||
| 339 | version_minor = SSL3_VERSION_MINOR; | ||
| 340 | } else { | ||
| 341 | SSLerr(SSL_F_SSL23_CLIENT_HELLO, SSL_R_NO_PROTOCOLS_AVAILABLE); | ||
| 342 | return (-1); | ||
| 343 | } | ||
| 344 | |||
| 345 | s->client_version = version; | ||
| 346 | |||
| 347 | /* create Client Hello in SSL 3.0/TLS 1.0 format */ | ||
| 348 | |||
| 349 | /* | ||
| 350 | * Do the record header (5 bytes) and handshake | ||
| 351 | * message header (4 bytes) last | ||
| 352 | */ | ||
| 353 | d = p = &(buf[9]); | ||
| 354 | |||
| 355 | *(p++) = version_major; | ||
| 356 | *(p++) = version_minor; | ||
| 357 | |||
| 358 | /* Random stuff */ | ||
| 359 | memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE); | ||
| 360 | p += SSL3_RANDOM_SIZE; | ||
| 361 | |||
| 362 | /* Session ID (zero since there is no reuse) */ | ||
| 363 | *(p++) = 0; | ||
| 364 | |||
| 365 | /* Ciphers supported (using SSL 3.0/TLS 1.0 format) */ | ||
| 366 | i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &p[2]); | ||
| 367 | if (i == 0) { | ||
| 368 | SSLerr(SSL_F_SSL23_CLIENT_HELLO, | ||
| 369 | SSL_R_NO_CIPHERS_AVAILABLE); | ||
| 370 | return -1; | ||
| 371 | } | ||
| 372 | #ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH | ||
| 373 | /* | ||
| 374 | * Some servers hang if client hello > 256 bytes | ||
| 375 | * as hack workaround chop number of supported ciphers | ||
| 376 | * to keep it well below this if we use TLS v1.2 | ||
| 377 | */ | ||
| 378 | if (TLS1_get_version(s) >= TLS1_2_VERSION && | ||
| 379 | i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH) | ||
| 380 | i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1; | ||
| 381 | #endif | ||
| 382 | s2n(i, p); | ||
| 383 | p += i; | ||
| 384 | |||
| 385 | /* add in (no) COMPRESSION */ | ||
| 386 | *(p++) = 1; | ||
| 387 | /* Add the NULL method */ | ||
| 388 | *(p++) = 0; | ||
| 389 | |||
| 390 | /* TLS extensions*/ | ||
| 391 | if (ssl_prepare_clienthello_tlsext(s) <= 0) { | ||
| 392 | SSLerr(SSL_F_SSL23_CLIENT_HELLO, | ||
| 393 | SSL_R_CLIENTHELLO_TLSEXT); | ||
| 394 | return -1; | ||
| 395 | } | ||
| 396 | if ((p = ssl_add_clienthello_tlsext(s, p, | ||
| 397 | buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) { | ||
| 398 | SSLerr(SSL_F_SSL23_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); | ||
| 399 | return -1; | ||
| 400 | } | ||
| 401 | |||
| 402 | l = p - d; | ||
| 403 | |||
| 404 | /* fill in 4-byte handshake header */ | ||
| 405 | d = &(buf[5]); | ||
| 406 | *(d++) = SSL3_MT_CLIENT_HELLO; | ||
| 407 | l2n3(l, d); | ||
| 408 | |||
| 409 | l += 4; | ||
| 410 | |||
| 411 | if (l > SSL3_RT_MAX_PLAIN_LENGTH) { | ||
| 412 | SSLerr(SSL_F_SSL23_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); | ||
| 413 | return -1; | ||
| 414 | } | ||
| 415 | |||
| 416 | /* fill in 5-byte record header */ | ||
| 417 | d = buf; | ||
| 418 | *(d++) = SSL3_RT_HANDSHAKE; | ||
| 419 | *(d++) = version_major; | ||
| 420 | |||
| 421 | /* | ||
| 422 | * Some servers hang if we use long client hellos | ||
| 423 | * and a record number > TLS 1.0. | ||
| 424 | */ | ||
| 425 | if (TLS1_get_client_version(s) > TLS1_VERSION) | ||
| 426 | *(d++) = 1; | ||
| 427 | else | ||
| 428 | *(d++) = version_minor; | ||
| 429 | s2n((int)l, d); | ||
| 430 | |||
| 431 | /* number of bytes to write */ | ||
| 432 | s->init_num = p - buf; | ||
| 433 | s->init_off = 0; | ||
| 434 | |||
| 435 | ssl3_finish_mac(s, &(buf[5]), s->init_num - 5); | ||
| 436 | |||
| 437 | s->state = SSL23_ST_CW_CLNT_HELLO_B; | ||
| 438 | s->init_off = 0; | ||
| 439 | } | ||
| 440 | |||
| 441 | /* SSL3_ST_CW_CLNT_HELLO_B */ | ||
| 442 | ret = ssl23_write_bytes(s); | ||
| 443 | |||
| 444 | if ((ret >= 2) && s->msg_callback) { | ||
| 445 | /* Client Hello has been sent; tell msg_callback */ | ||
| 446 | |||
| 447 | s->msg_callback(1, version, SSL3_RT_HANDSHAKE, | ||
| 448 | s->init_buf->data + 5, ret - 5, s, s->msg_callback_arg); | ||
| 449 | } | ||
| 450 | |||
| 451 | return ret; | ||
| 452 | } | ||
| 453 | |||
| 454 | static int | ||
| 455 | ssl23_get_server_hello(SSL *s) | ||
| 456 | { | ||
| 457 | char buf[8]; | ||
| 458 | unsigned char *p; | ||
| 459 | int i; | ||
| 460 | int n; | ||
| 461 | |||
| 462 | n = ssl23_read_bytes(s, 7); | ||
| 463 | |||
| 464 | if (n != 7) | ||
| 465 | return (n); | ||
| 466 | p = s->packet; | ||
| 467 | |||
| 468 | memcpy(buf, p, n); | ||
| 469 | |||
| 470 | /* Old unsupported sslv2 handshake */ | ||
| 471 | if ((p[0] & 0x80) && (p[2] == SSL2_MT_SERVER_HELLO) && | ||
| 472 | (p[5] == 0x00) && (p[6] == 0x02)) { | ||
| 473 | SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, | ||
| 474 | SSL_R_UNSUPPORTED_PROTOCOL); | ||
| 475 | goto err; | ||
| 476 | } | ||
| 477 | |||
| 478 | if (p[1] == SSL3_VERSION_MAJOR && | ||
| 479 | p[2] <= TLS1_2_VERSION_MINOR && | ||
| 480 | ((p[0] == SSL3_RT_HANDSHAKE && p[5] == SSL3_MT_SERVER_HELLO) || | ||
| 481 | (p[0] == SSL3_RT_ALERT && p[3] == 0 && p[4] == 2))) { | ||
| 482 | /* we have sslv3 or tls1 (server hello or alert) */ | ||
| 483 | |||
| 484 | if ((p[2] == SSL3_VERSION_MINOR) && | ||
| 485 | !(s->options & SSL_OP_NO_SSLv3)) { | ||
| 486 | s->version = SSL3_VERSION; | ||
| 487 | s->method = SSLv3_client_method(); | ||
| 488 | } else if ((p[2] == TLS1_VERSION_MINOR) && | ||
| 489 | !(s->options & SSL_OP_NO_TLSv1)) { | ||
| 490 | s->version = TLS1_VERSION; | ||
| 491 | s->method = TLSv1_client_method(); | ||
| 492 | } else if ((p[2] == TLS1_1_VERSION_MINOR) && | ||
| 493 | !(s->options & SSL_OP_NO_TLSv1_1)) { | ||
| 494 | s->version = TLS1_1_VERSION; | ||
| 495 | s->method = TLSv1_1_client_method(); | ||
| 496 | } else if ((p[2] == TLS1_2_VERSION_MINOR) && | ||
| 497 | !(s->options & SSL_OP_NO_TLSv1_2)) { | ||
| 498 | s->version = TLS1_2_VERSION; | ||
| 499 | s->method = TLSv1_2_client_method(); | ||
| 500 | } else { | ||
| 501 | SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, | ||
| 502 | SSL_R_UNSUPPORTED_PROTOCOL); | ||
| 503 | goto err; | ||
| 504 | } | ||
| 505 | |||
| 506 | if (p[0] == SSL3_RT_ALERT && p[5] != SSL3_AL_WARNING) { | ||
| 507 | /* fatal alert */ | ||
| 508 | void (*cb)(const SSL *ssl, int type, int val) = NULL; | ||
| 509 | int j; | ||
| 510 | |||
| 511 | if (s->info_callback != NULL) | ||
| 512 | cb = s->info_callback; | ||
| 513 | else if (s->ctx->info_callback != NULL) | ||
| 514 | cb = s->ctx->info_callback; | ||
| 515 | |||
| 516 | i = p[5]; | ||
| 517 | if (cb != NULL) { | ||
| 518 | j = (i << 8) | p[6]; | ||
| 519 | cb(s, SSL_CB_READ_ALERT, j); | ||
| 520 | } | ||
| 521 | |||
| 522 | if (s->msg_callback) | ||
| 523 | s->msg_callback(0, s->version, SSL3_RT_ALERT, | ||
| 524 | p + 5, 2, s, s->msg_callback_arg); | ||
| 525 | |||
| 526 | s->rwstate = SSL_NOTHING; | ||
| 527 | SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, | ||
| 528 | SSL_AD_REASON_OFFSET + p[6]); | ||
| 529 | goto err; | ||
| 530 | } | ||
| 531 | |||
| 532 | if (!ssl_init_wbio_buffer(s, 1)) | ||
| 533 | goto err; | ||
| 534 | |||
| 535 | /* we are in this state */ | ||
| 536 | s->state = SSL3_ST_CR_SRVR_HELLO_A; | ||
| 537 | |||
| 538 | /* put the 7 bytes we have read into the input buffer | ||
| 539 | * for SSLv3 */ | ||
| 540 | s->rstate = SSL_ST_READ_HEADER; | ||
| 541 | s->packet_length = n; | ||
| 542 | if (s->s3->rbuf.buf == NULL) | ||
| 543 | if (!ssl3_setup_read_buffer(s)) | ||
| 544 | goto err; | ||
| 545 | s->packet = &(s->s3->rbuf.buf[0]); | ||
| 546 | memcpy(s->packet, buf, n); | ||
| 547 | s->s3->rbuf.left = n; | ||
| 548 | s->s3->rbuf.offset = 0; | ||
| 549 | |||
| 550 | s->handshake_func = s->method->ssl_connect; | ||
| 551 | } else { | ||
| 552 | SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_R_UNKNOWN_PROTOCOL); | ||
| 553 | goto err; | ||
| 554 | } | ||
| 555 | s->init_num = 0; | ||
| 556 | |||
| 557 | /* | ||
| 558 | * Since, if we are sending a ssl23 client hello, we are not | ||
| 559 | * reusing a session-id | ||
| 560 | */ | ||
| 561 | if (!ssl_get_new_session(s, 0)) | ||
| 562 | goto err; | ||
| 563 | |||
| 564 | return (SSL_connect(s)); | ||
| 565 | err: | ||
| 566 | return (-1); | ||
| 567 | } | ||