summaryrefslogtreecommitdiff
path: root/src/lib/libssl/s23_clnt.c
diff options
context:
space:
mode:
authorjsing <>2014-04-14 15:15:33 +0000
committerjsing <>2014-04-14 15:15:33 +0000
commit30f92658fa4e1357cfcee9c077a21e928970d290 (patch)
tree225d880512d3748d996f5d84d5d01521efe52b02 /src/lib/libssl/s23_clnt.c
parent6c233db50b8fc1d31e373868a83572c35271ca51 (diff)
downloadopenbsd-30f92658fa4e1357cfcee9c077a21e928970d290.tar.gz
openbsd-30f92658fa4e1357cfcee9c077a21e928970d290.tar.bz2
openbsd-30f92658fa4e1357cfcee9c077a21e928970d290.zip
First pass at applying KNF to the OpenSSL code, which almost makes it
readable. This pass is whitespace only and can readily be verified using tr and md5.
Diffstat (limited to 'src/lib/libssl/s23_clnt.c')
-rw-r--r--src/lib/libssl/s23_clnt.c620
1 files changed, 290 insertions, 330 deletions
diff --git a/src/lib/libssl/s23_clnt.c b/src/lib/libssl/s23_clnt.c
index 6315e9d876..0fd388a05a 100644
--- a/src/lib/libssl/s23_clnt.c
+++ b/src/lib/libssl/s23_clnt.c
@@ -119,160 +119,163 @@
119static const SSL_METHOD *ssl23_get_client_method(int ver); 119static const SSL_METHOD *ssl23_get_client_method(int ver);
120static int ssl23_client_hello(SSL *s); 120static int ssl23_client_hello(SSL *s);
121static int ssl23_get_server_hello(SSL *s); 121static int ssl23_get_server_hello(SSL *s);
122static const SSL_METHOD *ssl23_get_client_method(int ver) 122static const SSL_METHOD
123 { 123*ssl23_get_client_method(int ver)
124{
124#ifndef OPENSSL_NO_SSL2 125#ifndef OPENSSL_NO_SSL2
125 if (ver == SSL2_VERSION) 126 if (ver == SSL2_VERSION)
126 return(SSLv2_client_method()); 127 return (SSLv2_client_method());
127#endif 128#endif
128 if (ver == SSL3_VERSION) 129 if (ver == SSL3_VERSION)
129 return(SSLv3_client_method()); 130 return (SSLv3_client_method());
130 else if (ver == TLS1_VERSION) 131 else if (ver == TLS1_VERSION)
131 return(TLSv1_client_method()); 132 return (TLSv1_client_method());
132 else if (ver == TLS1_1_VERSION) 133 else if (ver == TLS1_1_VERSION)
133 return(TLSv1_1_client_method()); 134 return (TLSv1_1_client_method());
134 else if (ver == TLS1_2_VERSION) 135 else if (ver == TLS1_2_VERSION)
135 return(TLSv1_2_client_method()); 136 return (TLSv1_2_client_method());
136 else 137 else
137 return(NULL); 138 return (NULL);
138 } 139}
139 140
140IMPLEMENT_ssl23_meth_func(SSLv23_client_method, 141IMPLEMENT_ssl23_meth_func(SSLv23_client_method,
141 ssl_undefined_function, 142 ssl_undefined_function, ssl23_connect, ssl23_get_client_method)
142 ssl23_connect, 143
143 ssl23_get_client_method) 144int
144 145ssl23_connect(SSL *s)
145int ssl23_connect(SSL *s) 146{
146 { 147 BUF_MEM *buf = NULL;
147 BUF_MEM *buf=NULL; 148 unsigned long Time = (unsigned long)time(NULL);
148 unsigned long Time=(unsigned long)time(NULL); 149 void (*cb)(const SSL *ssl, int type, int val) = NULL;
149 void (*cb)(const SSL *ssl,int type,int val)=NULL; 150 int ret = -1;
150 int ret= -1; 151 int new_state, state;
151 int new_state,state; 152
152 153 RAND_add(&Time, sizeof(Time), 0);
153 RAND_add(&Time,sizeof(Time),0);
154 ERR_clear_error(); 154 ERR_clear_error();
155 errno = 0; 155 errno = 0;
156 156
157 if (s->info_callback != NULL) 157 if (s->info_callback != NULL)
158 cb=s->info_callback; 158 cb = s->info_callback;
159 else if (s->ctx->info_callback != NULL) 159 else if (s->ctx->info_callback != NULL)
160 cb=s->ctx->info_callback; 160 cb = s->ctx->info_callback;
161 161
162 s->in_handshake++; 162 s->in_handshake++;
163 if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 163 if (!SSL_in_init(s) || SSL_in_before(s))
164 SSL_clear(s);
164 165
165 for (;;) 166 for (;;) {
166 { 167 state = s->state;
167 state=s->state;
168 168
169 switch(s->state) 169 switch (s->state) {
170 {
171 case SSL_ST_BEFORE: 170 case SSL_ST_BEFORE:
172 case SSL_ST_CONNECT: 171 case SSL_ST_CONNECT:
173 case SSL_ST_BEFORE|SSL_ST_CONNECT: 172 case SSL_ST_BEFORE|SSL_ST_CONNECT:
174 case SSL_ST_OK|SSL_ST_CONNECT: 173 case SSL_ST_OK|SSL_ST_CONNECT:
175 174
176 if (s->session != NULL) 175 if (s->session != NULL) {
177 { 176 SSLerr(SSL_F_SSL23_CONNECT, SSL_R_SSL23_DOING_SESSION_ID_REUSE);
178 SSLerr(SSL_F_SSL23_CONNECT,SSL_R_SSL23_DOING_SESSION_ID_REUSE); 177 ret = -1;
179 ret= -1;
180 goto end; 178 goto end;
181 } 179 }
182 s->server=0; 180 s->server = 0;
183 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); 181 if (cb != NULL)
182 cb(s, SSL_CB_HANDSHAKE_START, 1);
184 183
185 /* s->version=TLS1_VERSION; */ 184 /* s->version=TLS1_VERSION; */
186 s->type=SSL_ST_CONNECT; 185 s->type = SSL_ST_CONNECT;
187 186
188 if (s->init_buf == NULL) 187 if (s->init_buf == NULL) {
189 { 188 if ((buf = BUF_MEM_new()) == NULL) {
190 if ((buf=BUF_MEM_new()) == NULL) 189 ret = -1;
191 {
192 ret= -1;
193 goto end; 190 goto end;
194 } 191 }
195 if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH)) 192 if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) {
196 { 193 ret = -1;
197 ret= -1;
198 goto end; 194 goto end;
199 }
200 s->init_buf=buf;
201 buf=NULL;
202 } 195 }
196 s->init_buf = buf;
197 buf = NULL;
198 }
203 199
204 if (!ssl3_setup_buffers(s)) { ret= -1; goto end; } 200 if (!ssl3_setup_buffers(s)) {
201 ret = -1;
202 goto end;
203 }
205 204
206 ssl3_init_finished_mac(s); 205 ssl3_init_finished_mac(s);
207 206
208 s->state=SSL23_ST_CW_CLNT_HELLO_A; 207 s->state = SSL23_ST_CW_CLNT_HELLO_A;
209 s->ctx->stats.sess_connect++; 208 s->ctx->stats.sess_connect++;
210 s->init_num=0; 209 s->init_num = 0;
211 break; 210 break;
212 211
213 case SSL23_ST_CW_CLNT_HELLO_A: 212 case SSL23_ST_CW_CLNT_HELLO_A:
214 case SSL23_ST_CW_CLNT_HELLO_B: 213 case SSL23_ST_CW_CLNT_HELLO_B:
215 214
216 s->shutdown=0; 215 s->shutdown = 0;
217 ret=ssl23_client_hello(s); 216 ret = ssl23_client_hello(s);
218 if (ret <= 0) goto end; 217 if (ret <= 0)
219 s->state=SSL23_ST_CR_SRVR_HELLO_A; 218 goto end;
220 s->init_num=0; 219 s->state = SSL23_ST_CR_SRVR_HELLO_A;
220 s->init_num = 0;
221 221
222 break; 222 break;
223 223
224 case SSL23_ST_CR_SRVR_HELLO_A: 224 case SSL23_ST_CR_SRVR_HELLO_A:
225 case SSL23_ST_CR_SRVR_HELLO_B: 225 case SSL23_ST_CR_SRVR_HELLO_B:
226 ret=ssl23_get_server_hello(s); 226 ret = ssl23_get_server_hello(s);
227 if (ret >= 0) cb=NULL; 227 if (ret >= 0)
228 cb = NULL;
228 goto end; 229 goto end;
229 /* break; */ 230 /* break; */
230 231
231 default: 232 default:
232 SSLerr(SSL_F_SSL23_CONNECT,SSL_R_UNKNOWN_STATE); 233 SSLerr(SSL_F_SSL23_CONNECT, SSL_R_UNKNOWN_STATE);
233 ret= -1; 234 ret = -1;
234 goto end; 235 goto end;
235 /* break; */ 236 /* break; */
236 } 237 }
237 238
238 if (s->debug) { (void)BIO_flush(s->wbio); } 239 if (s->debug) {
240 (void)BIO_flush(s->wbio);
241 }
239 242
240 if ((cb != NULL) && (s->state != state)) 243 if ((cb != NULL) && (s->state != state)) {
241 { 244 new_state = s->state;
242 new_state=s->state; 245 s->state = state;
243 s->state=state; 246 cb(s, SSL_CB_CONNECT_LOOP, 1);
244 cb(s,SSL_CB_CONNECT_LOOP,1); 247 s->state = new_state;
245 s->state=new_state;
246 }
247 } 248 }
249 }
248end: 250end:
249 s->in_handshake--; 251 s->in_handshake--;
250 if (buf != NULL) 252 if (buf != NULL)
251 BUF_MEM_free(buf); 253 BUF_MEM_free(buf);
252 if (cb != NULL) 254 if (cb != NULL)
253 cb(s,SSL_CB_CONNECT_EXIT,ret); 255 cb(s, SSL_CB_CONNECT_EXIT, ret);
254 return(ret); 256 return (ret);
255 } 257}
256 258
257static int ssl23_no_ssl2_ciphers(SSL *s) 259static int
258 { 260ssl23_no_ssl2_ciphers(SSL *s)
261{
259 SSL_CIPHER *cipher; 262 SSL_CIPHER *cipher;
260 STACK_OF(SSL_CIPHER) *ciphers; 263 STACK_OF(SSL_CIPHER) *ciphers;
261 int i; 264 int i;
262 ciphers = SSL_get_ciphers(s); 265 ciphers = SSL_get_ciphers(s);
263 for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) 266 for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
264 {
265 cipher = sk_SSL_CIPHER_value(ciphers, i); 267 cipher = sk_SSL_CIPHER_value(ciphers, i);
266 if (cipher->algorithm_ssl == SSL_SSLV2) 268 if (cipher->algorithm_ssl == SSL_SSLV2)
267 return 0; 269 return 0;
268 }
269 return 1;
270 } 270 }
271 return 1;
272}
271 273
272/* Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 274/* Fill a ClientRandom or ServerRandom field of length len. Returns <= 0
273 * on failure, 1 on success. */ 275 * on failure, 1 on success. */
274int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len) 276int
275 { 277ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len)
278{
276 int send_time = 0; 279 int send_time = 0;
277 280
278 if (len < 4) 281 if (len < 4)
@@ -281,22 +284,21 @@ int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len)
281 send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0; 284 send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
282 else 285 else
283 send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0; 286 send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
284 if (send_time) 287 if (send_time) {
285 {
286 unsigned long Time = (unsigned long)time(NULL); 288 unsigned long Time = (unsigned long)time(NULL);
287 unsigned char *p = result; 289 unsigned char *p = result;
288 l2n(Time, p); 290 l2n(Time, p);
289 return RAND_pseudo_bytes(p, len-4); 291 return RAND_pseudo_bytes(p, len - 4);
290 } 292 } else
291 else
292 return RAND_pseudo_bytes(result, len); 293 return RAND_pseudo_bytes(result, len);
293 } 294}
294 295
295static int ssl23_client_hello(SSL *s) 296static int
296 { 297ssl23_client_hello(SSL *s)
298{
297 unsigned char *buf; 299 unsigned char *buf;
298 unsigned char *p,*d; 300 unsigned char *p, *d;
299 int i,ch_len; 301 int i, ch_len;
300 unsigned long l; 302 unsigned long l;
301 int ssl2_compat; 303 int ssl2_compat;
302 int version = 0, version_major, version_minor; 304 int version = 0, version_major, version_minor;
@@ -320,14 +322,14 @@ static int ssl23_client_hello(SSL *s)
320 * TLS1>=1, it would be insufficient to pass SSL_NO_TLSv1, the 322 * TLS1>=1, it would be insufficient to pass SSL_NO_TLSv1, the
321 * answer is SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2. 323 * answer is SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2.
322 */ 324 */
323 mask = SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1 325 mask = SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1
324#if !defined(OPENSSL_NO_SSL3) 326#if !defined(OPENSSL_NO_SSL3)
325 |SSL_OP_NO_SSLv3 327 |SSL_OP_NO_SSLv3
326#endif 328#endif
327#if !defined(OPENSSL_NO_SSL2) 329#if !defined(OPENSSL_NO_SSL2)
328 |(ssl2_compat?SSL_OP_NO_SSLv2:0) 330 |(ssl2_compat ? SSL_OP_NO_SSLv2 : 0)
329#endif 331#endif
330 ; 332 ;
331#if !defined(OPENSSL_NO_TLS1_2_CLIENT) 333#if !defined(OPENSSL_NO_TLS1_2_CLIENT)
332 version = TLS1_2_VERSION; 334 version = TLS1_2_VERSION;
333 335
@@ -351,8 +353,7 @@ static int ssl23_client_hello(SSL *s)
351#endif 353#endif
352 354
353#ifndef OPENSSL_NO_TLSEXT 355#ifndef OPENSSL_NO_TLSEXT
354 if (version != SSL2_VERSION) 356 if (version != SSL2_VERSION) {
355 {
356 /* have to disable SSL 2.0 compatibility if we need TLS extensions */ 357 /* have to disable SSL 2.0 compatibility if we need TLS extensions */
357 358
358 if (s->tlsext_hostname != NULL) 359 if (s->tlsext_hostname != NULL)
@@ -363,67 +364,53 @@ static int ssl23_client_hello(SSL *s)
363 if (s->ctx->tlsext_opaque_prf_input_callback != 0 || s->tlsext_opaque_prf_input != NULL) 364 if (s->ctx->tlsext_opaque_prf_input_callback != 0 || s->tlsext_opaque_prf_input != NULL)
364 ssl2_compat = 0; 365 ssl2_compat = 0;
365#endif 366#endif
366 } 367 }
367#endif 368#endif
368 369
369 buf=(unsigned char *)s->init_buf->data; 370 buf = (unsigned char *)s->init_buf->data;
370 if (s->state == SSL23_ST_CW_CLNT_HELLO_A) 371 if (s->state == SSL23_ST_CW_CLNT_HELLO_A) {
371 {
372#if 0 372#if 0
373 /* don't reuse session-id's */ 373 /* don't reuse session-id's */
374 if (!ssl_get_new_session(s,0)) 374 if (!ssl_get_new_session(s, 0)) {
375 { 375 return (-1);
376 return(-1); 376 }
377 }
378#endif 377#endif
379 378
380 p=s->s3->client_random; 379 p = s->s3->client_random;
381 if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0) 380 if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0)
382 return -1; 381 return -1;
383 382
384 if (version == TLS1_2_VERSION) 383 if (version == TLS1_2_VERSION) {
385 {
386 version_major = TLS1_2_VERSION_MAJOR; 384 version_major = TLS1_2_VERSION_MAJOR;
387 version_minor = TLS1_2_VERSION_MINOR; 385 version_minor = TLS1_2_VERSION_MINOR;
388 } 386 } else if (version == TLS1_1_VERSION) {
389 else if (version == TLS1_1_VERSION)
390 {
391 version_major = TLS1_1_VERSION_MAJOR; 387 version_major = TLS1_1_VERSION_MAJOR;
392 version_minor = TLS1_1_VERSION_MINOR; 388 version_minor = TLS1_1_VERSION_MINOR;
393 } 389 } else if (version == TLS1_VERSION) {
394 else if (version == TLS1_VERSION)
395 {
396 version_major = TLS1_VERSION_MAJOR; 390 version_major = TLS1_VERSION_MAJOR;
397 version_minor = TLS1_VERSION_MINOR; 391 version_minor = TLS1_VERSION_MINOR;
398 } 392 }
399#ifdef OPENSSL_FIPS 393#ifdef OPENSSL_FIPS
400 else if(FIPS_mode()) 394 else if (FIPS_mode()) {
401 {
402 SSLerr(SSL_F_SSL23_CLIENT_HELLO, 395 SSLerr(SSL_F_SSL23_CLIENT_HELLO,
403 SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); 396 SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
404 return -1; 397 return -1;
405 } 398 }
406#endif 399#endif
407 else if (version == SSL3_VERSION) 400 else if (version == SSL3_VERSION) {
408 {
409 version_major = SSL3_VERSION_MAJOR; 401 version_major = SSL3_VERSION_MAJOR;
410 version_minor = SSL3_VERSION_MINOR; 402 version_minor = SSL3_VERSION_MINOR;
411 } 403 } else if (version == SSL2_VERSION) {
412 else if (version == SSL2_VERSION)
413 {
414 version_major = SSL2_VERSION_MAJOR; 404 version_major = SSL2_VERSION_MAJOR;
415 version_minor = SSL2_VERSION_MINOR; 405 version_minor = SSL2_VERSION_MINOR;
416 } 406 } else {
417 else 407 SSLerr(SSL_F_SSL23_CLIENT_HELLO, SSL_R_NO_PROTOCOLS_AVAILABLE);
418 { 408 return (-1);
419 SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_PROTOCOLS_AVAILABLE); 409 }
420 return(-1);
421 }
422 410
423 s->client_version = version; 411 s->client_version = version;
424 412
425 if (ssl2_compat) 413 if (ssl2_compat) {
426 {
427 /* create SSL 2.0 compatible Client Hello */ 414 /* create SSL 2.0 compatible Client Hello */
428 415
429 /* two byte record header will be written last */ 416 /* two byte record header will be written last */
@@ -433,28 +420,27 @@ static int ssl23_client_hello(SSL *s)
433 *(d++) = SSL2_MT_CLIENT_HELLO; 420 *(d++) = SSL2_MT_CLIENT_HELLO;
434 *(d++) = version_major; 421 *(d++) = version_major;
435 *(d++) = version_minor; 422 *(d++) = version_minor;
436 423
437 /* Ciphers supported */ 424 /* Ciphers supported */
438 i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),p,0); 425 i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), p, 0);
439 if (i == 0) 426 if (i == 0) {
440 {
441 /* no ciphers */ 427 /* no ciphers */
442 SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE); 428 SSLerr(SSL_F_SSL23_CLIENT_HELLO, SSL_R_NO_CIPHERS_AVAILABLE);
443 return -1; 429 return -1;
444 } 430 }
445 s2n(i,d); 431 s2n(i, d);
446 p+=i; 432 p += i;
447 433
448 /* put in the session-id length (zero since there is no reuse) */ 434 /* put in the session-id length (zero since there is no reuse) */
449#if 0 435#if 0
450 s->session->session_id_length=0; 436 s->session->session_id_length = 0;
451#endif 437#endif
452 s2n(0,d); 438 s2n(0, d);
453 439
454 if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG) 440 if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG)
455 ch_len=SSL2_CHALLENGE_LENGTH; 441 ch_len = SSL2_CHALLENGE_LENGTH;
456 else 442 else
457 ch_len=SSL2_MAX_CHALLENGE_LENGTH; 443 ch_len = SSL2_MAX_CHALLENGE_LENGTH;
458 444
459 /* write out sslv2 challenge */ 445 /* write out sslv2 challenge */
460 /* Note that ch_len must be <= SSL3_RANDOM_SIZE (32), 446 /* Note that ch_len must be <= SSL3_RANDOM_SIZE (32),
@@ -462,34 +448,32 @@ static int ssl23_client_hello(SSL *s)
462 or SSL2_MAX_CHALLENGE_LENGTH (16), but leave the 448 or SSL2_MAX_CHALLENGE_LENGTH (16), but leave the
463 check in for futurproofing */ 449 check in for futurproofing */
464 if (SSL3_RANDOM_SIZE < ch_len) 450 if (SSL3_RANDOM_SIZE < ch_len)
465 i=SSL3_RANDOM_SIZE; 451 i = SSL3_RANDOM_SIZE;
466 else 452 else
467 i=ch_len; 453 i = ch_len;
468 s2n(i,d); 454 s2n(i, d);
469 memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE); 455 memset(&(s->s3->client_random[0]), 0, SSL3_RANDOM_SIZE);
470 if (RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i) <= 0) 456 if (RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE - i]), i) <= 0)
471 return -1; 457 return -1;
472 458
473 memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i); 459 memcpy(p, &(s->s3->client_random[SSL3_RANDOM_SIZE - i]), i);
474 p+=i; 460 p += i;
475 461
476 i= p- &(buf[2]); 462 i = p- &(buf[2]);
477 buf[0]=((i>>8)&0xff)|0x80; 463 buf[0] = ((i >> 8)&0xff)|0x80;
478 buf[1]=(i&0xff); 464 buf[1] = (i&0xff);
479 465
480 /* number of bytes to write */ 466 /* number of bytes to write */
481 s->init_num=i+2; 467 s->init_num = i + 2;
482 s->init_off=0; 468 s->init_off = 0;
483 469
484 ssl3_finish_mac(s,&(buf[2]),i); 470 ssl3_finish_mac(s, &(buf[2]), i);
485 } 471 } else {
486 else
487 {
488 /* create Client Hello in SSL 3.0/TLS 1.0 format */ 472 /* create Client Hello in SSL 3.0/TLS 1.0 format */
489 473
490 /* do the record header (5 bytes) and handshake message header (4 bytes) last */ 474 /* do the record header (5 bytes) and handshake message header (4 bytes) last */
491 d = p = &(buf[9]); 475 d = p = &(buf[9]);
492 476
493 *(p++) = version_major; 477 *(p++) = version_major;
494 *(p++) = version_minor; 478 *(p++) = version_minor;
495 479
@@ -501,73 +485,68 @@ static int ssl23_client_hello(SSL *s)
501 *(p++) = 0; 485 *(p++) = 0;
502 486
503 /* Ciphers supported (using SSL 3.0/TLS 1.0 format) */ 487 /* Ciphers supported (using SSL 3.0/TLS 1.0 format) */
504 i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),ssl3_put_cipher_by_char); 488 i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]), ssl3_put_cipher_by_char);
505 if (i == 0) 489 if (i == 0) {
506 { 490 SSLerr(SSL_F_SSL23_CLIENT_HELLO, SSL_R_NO_CIPHERS_AVAILABLE);
507 SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
508 return -1; 491 return -1;
509 } 492 }
510#ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH 493#ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH
511 /* Some servers hang if client hello > 256 bytes 494 /* Some servers hang if client hello > 256 bytes
512 * as hack workaround chop number of supported ciphers 495 * as hack workaround chop number of supported ciphers
513 * to keep it well below this if we use TLS v1.2 496 * to keep it well below this if we use TLS v1.2
514 */ 497 */
515 if (TLS1_get_version(s) >= TLS1_2_VERSION 498 if (TLS1_get_version(s) >= TLS1_2_VERSION &&
516 && i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH) 499 i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH)
517 i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1; 500 i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1;
518#endif 501#endif
519 s2n(i,p); 502 s2n(i, p);
520 p+=i; 503 p += i;
521 504
522 /* COMPRESSION */ 505 /* COMPRESSION */
523#ifdef OPENSSL_NO_COMP 506#ifdef OPENSSL_NO_COMP
524 *(p++)=1; 507 *(p++) = 1;
525#else 508#else
526 if ((s->options & SSL_OP_NO_COMPRESSION) 509 if ((s->options & SSL_OP_NO_COMPRESSION) ||
527 || !s->ctx->comp_methods) 510 !s->ctx->comp_methods)
528 j=0; 511 j = 0;
529 else 512 else
530 j=sk_SSL_COMP_num(s->ctx->comp_methods); 513 j = sk_SSL_COMP_num(s->ctx->comp_methods);
531 *(p++)=1+j; 514 *(p++) = 1 + j;
532 for (i=0; i<j; i++) 515 for (i = 0; i < j; i++) {
533 { 516 comp = sk_SSL_COMP_value(s->ctx->comp_methods, i);
534 comp=sk_SSL_COMP_value(s->ctx->comp_methods,i); 517 *(p++) = comp->id;
535 *(p++)=comp->id; 518 }
536 }
537#endif 519#endif
538 *(p++)=0; /* Add the NULL method */ 520 *(p++)=0; /* Add the NULL method */
539 521
540#ifndef OPENSSL_NO_TLSEXT 522#ifndef OPENSSL_NO_TLSEXT
541 /* TLS extensions*/ 523 /* TLS extensions*/
542 if (ssl_prepare_clienthello_tlsext(s) <= 0) 524 if (ssl_prepare_clienthello_tlsext(s) <= 0) {
543 { 525 SSLerr(SSL_F_SSL23_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT);
544 SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
545 return -1; 526 return -1;
546 } 527 }
547 if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) 528 if ((p = ssl_add_clienthello_tlsext(s, p, buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) {
548 { 529 SSLerr(SSL_F_SSL23_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
549 SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
550 return -1; 530 return -1;
551 } 531 }
552#endif 532#endif
553 533
554 l = p-d; 534 l = p - d;
555 535
556 /* fill in 4-byte handshake header */ 536 /* fill in 4-byte handshake header */
557 d=&(buf[5]); 537 d = &(buf[5]);
558 *(d++)=SSL3_MT_CLIENT_HELLO; 538 *(d++) = SSL3_MT_CLIENT_HELLO;
559 l2n3(l,d); 539 l2n3(l, d);
560 540
561 l += 4; 541 l += 4;
562 542
563 if (l > SSL3_RT_MAX_PLAIN_LENGTH) 543 if (l > SSL3_RT_MAX_PLAIN_LENGTH) {
564 { 544 SSLerr(SSL_F_SSL23_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
565 SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
566 return -1; 545 return -1;
567 } 546 }
568 547
569 /* fill in 5-byte record header */ 548 /* fill in 5-byte record header */
570 d=buf; 549 d = buf;
571 *(d++) = SSL3_RT_HANDSHAKE; 550 *(d++) = SSL3_RT_HANDSHAKE;
572 *(d++) = version_major; 551 *(d++) = version_major;
573 /* Some servers hang if we use long client hellos 552 /* Some servers hang if we use long client hellos
@@ -577,54 +556,54 @@ static int ssl23_client_hello(SSL *s)
577 *(d++) = 1; 556 *(d++) = 1;
578 else 557 else
579 *(d++) = version_minor; 558 *(d++) = version_minor;
580 s2n((int)l,d); 559 s2n((int)l, d);
581 560
582 /* number of bytes to write */ 561 /* number of bytes to write */
583 s->init_num=p-buf; 562 s->init_num = p - buf;
584 s->init_off=0; 563 s->init_off = 0;
585
586 ssl3_finish_mac(s,&(buf[5]), s->init_num - 5);
587 }
588 564
589 s->state=SSL23_ST_CW_CLNT_HELLO_B; 565 ssl3_finish_mac(s, &(buf[5]), s->init_num - 5);
590 s->init_off=0;
591 } 566 }
592 567
568 s->state = SSL23_ST_CW_CLNT_HELLO_B;
569 s->init_off = 0;
570 }
571
593 /* SSL3_ST_CW_CLNT_HELLO_B */ 572 /* SSL3_ST_CW_CLNT_HELLO_B */
594 ret = ssl23_write_bytes(s); 573 ret = ssl23_write_bytes(s);
595 574
596 if ((ret >= 2) && s->msg_callback) 575 if ((ret >= 2) && s->msg_callback) {
597 {
598 /* Client Hello has been sent; tell msg_callback */ 576 /* Client Hello has been sent; tell msg_callback */
599 577
600 if (ssl2_compat) 578 if (ssl2_compat)
601 s->msg_callback(1, SSL2_VERSION, 0, s->init_buf->data+2, ret-2, s, s->msg_callback_arg); 579 s->msg_callback(1, SSL2_VERSION, 0, s->init_buf->data + 2, ret - 2, s, s->msg_callback_arg);
602 else 580 else
603 s->msg_callback(1, version, SSL3_RT_HANDSHAKE, s->init_buf->data+5, ret-5, s, s->msg_callback_arg); 581 s->msg_callback(1, version, SSL3_RT_HANDSHAKE, s->init_buf->data + 5, ret - 5, s, s->msg_callback_arg);
604 } 582 }
605 583
606 return ret; 584 return ret;
607 } 585}
608 586
609static int ssl23_get_server_hello(SSL *s) 587static int
610 { 588ssl23_get_server_hello(SSL *s)
589{
611 char buf[8]; 590 char buf[8];
612 unsigned char *p; 591 unsigned char *p;
613 int i; 592 int i;
614 int n; 593 int n;
615 594
616 n=ssl23_read_bytes(s,7); 595 n = ssl23_read_bytes(s, 7);
617 596
618 if (n != 7) return(n); 597 if (n != 7)
619 p=s->packet; 598 return (n);
599 p = s->packet;
620 600
621 memcpy(buf,p,n); 601 memcpy(buf, p, n);
622 602
623 if ((p[0] & 0x80) && (p[2] == SSL2_MT_SERVER_HELLO) && 603 if ((p[0] & 0x80) && (p[2] == SSL2_MT_SERVER_HELLO) &&
624 (p[5] == 0x00) && (p[6] == 0x02)) 604 (p[5] == 0x00) && (p[6] == 0x02)) {
625 {
626#ifdef OPENSSL_NO_SSL2 605#ifdef OPENSSL_NO_SSL2
627 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL); 606 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_R_UNSUPPORTED_PROTOCOL);
628 goto err; 607 goto err;
629#else 608#else
630 /* we are talking sslv2 */ 609 /* we are talking sslv2 */
@@ -632,169 +611,150 @@ static int ssl23_get_server_hello(SSL *s)
632 * sslv2 stuff. */ 611 * sslv2 stuff. */
633 int ch_len; 612 int ch_len;
634 613
635 if (s->options & SSL_OP_NO_SSLv2) 614 if (s->options & SSL_OP_NO_SSLv2) {
636 { 615 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_R_UNSUPPORTED_PROTOCOL);
637 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
638 goto err; 616 goto err;
639 } 617 }
640 if (s->s2 == NULL) 618 if (s->s2 == NULL) {
641 {
642 if (!ssl2_new(s)) 619 if (!ssl2_new(s))
643 goto err; 620 goto err;
644 } 621 } else
645 else
646 ssl2_clear(s); 622 ssl2_clear(s);
647 623
648 if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG) 624 if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG)
649 ch_len=SSL2_CHALLENGE_LENGTH; 625 ch_len = SSL2_CHALLENGE_LENGTH;
650 else 626 else
651 ch_len=SSL2_MAX_CHALLENGE_LENGTH; 627 ch_len = SSL2_MAX_CHALLENGE_LENGTH;
652 628
653 /* write out sslv2 challenge */ 629 /* write out sslv2 challenge */
654 /* Note that ch_len must be <= SSL3_RANDOM_SIZE (32), because 630 /* Note that ch_len must be <= SSL3_RANDOM_SIZE (32), because
655 it is one of SSL2_MAX_CHALLENGE_LENGTH (32) or 631 it is one of SSL2_MAX_CHALLENGE_LENGTH (32) or
656 SSL2_MAX_CHALLENGE_LENGTH (16), but leave the check in for 632 SSL2_MAX_CHALLENGE_LENGTH (16), but leave the check in for
657 futurproofing */ 633 futurproofing */
658 i=(SSL3_RANDOM_SIZE < ch_len) 634 i = (SSL3_RANDOM_SIZE < ch_len) ? SSL3_RANDOM_SIZE : ch_len;
659 ?SSL3_RANDOM_SIZE:ch_len; 635 s->s2->challenge_length = i;
660 s->s2->challenge_length=i;
661 memcpy(s->s2->challenge, 636 memcpy(s->s2->challenge,
662 &(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i); 637 &(s->s3->client_random[SSL3_RANDOM_SIZE - i]), i);
663 638
664 if (s->s3 != NULL) ssl3_free(s); 639 if (s->s3 != NULL)
640 ssl3_free(s);
665 641
666 if (!BUF_MEM_grow_clean(s->init_buf, 642 if (!BUF_MEM_grow_clean(s->init_buf,
667 SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)) 643 SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)) {
668 { 644 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, ERR_R_BUF_LIB);
669 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,ERR_R_BUF_LIB);
670 goto err; 645 goto err;
671 } 646 }
672 647
673 s->state=SSL2_ST_GET_SERVER_HELLO_A; 648 s->state = SSL2_ST_GET_SERVER_HELLO_A;
674 if (!(s->client_version == SSL2_VERSION)) 649 if (!(s->client_version == SSL2_VERSION))
675 /* use special padding (SSL 3.0 draft/RFC 2246, App. E.2) */ 650 /* use special padding (SSL 3.0 draft/RFC 2246, App. E.2) */
676 s->s2->ssl2_rollback=1; 651 s->s2->ssl2_rollback = 1;
677 652
678 /* setup the 7 bytes we have read so we get them from 653 /* setup the 7 bytes we have read so we get them from
679 * the sslv2 buffer */ 654 * the sslv2 buffer */
680 s->rstate=SSL_ST_READ_HEADER; 655 s->rstate = SSL_ST_READ_HEADER;
681 s->packet_length=n; 656 s->packet_length = n;
682 s->packet= &(s->s2->rbuf[0]); 657 s->packet = &(s->s2->rbuf[0]);
683 memcpy(s->packet,buf,n); 658 memcpy(s->packet, buf, n);
684 s->s2->rbuf_left=n; 659 s->s2->rbuf_left = n;
685 s->s2->rbuf_offs=0; 660 s->s2->rbuf_offs = 0;
686 661
687 /* we have already written one */ 662 /* we have already written one */
688 s->s2->write_sequence=1; 663 s->s2->write_sequence = 1;
689 664
690 s->method=SSLv2_client_method(); 665 s->method = SSLv2_client_method();
691 s->handshake_func=s->method->ssl_connect; 666 s->handshake_func = s->method->ssl_connect;
692#endif 667#endif
693 } 668 } else if (p[1] == SSL3_VERSION_MAJOR &&
694 else if (p[1] == SSL3_VERSION_MAJOR && 669 p[2] <= TLS1_2_VERSION_MINOR &&
695 p[2] <= TLS1_2_VERSION_MINOR && 670 ((p[0] == SSL3_RT_HANDSHAKE && p[5] == SSL3_MT_SERVER_HELLO) ||
696 ((p[0] == SSL3_RT_HANDSHAKE && p[5] == SSL3_MT_SERVER_HELLO) || 671 (p[0] == SSL3_RT_ALERT && p[3] == 0 && p[4] == 2))) {
697 (p[0] == SSL3_RT_ALERT && p[3] == 0 && p[4] == 2)))
698 {
699 /* we have sslv3 or tls1 (server hello or alert) */ 672 /* we have sslv3 or tls1 (server hello or alert) */
700 673
701 if ((p[2] == SSL3_VERSION_MINOR) && 674 if ((p[2] == SSL3_VERSION_MINOR) &&
702 !(s->options & SSL_OP_NO_SSLv3)) 675 !(s->options & SSL_OP_NO_SSLv3)) {
703 {
704#ifdef OPENSSL_FIPS 676#ifdef OPENSSL_FIPS
705 if(FIPS_mode()) 677 if (FIPS_mode()) {
706 {
707 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, 678 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,
708 SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); 679 SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
709 goto err; 680 goto err;
710 }
711#endif
712 s->version=SSL3_VERSION;
713 s->method=SSLv3_client_method();
714 }
715 else if ((p[2] == TLS1_VERSION_MINOR) &&
716 !(s->options & SSL_OP_NO_TLSv1))
717 {
718 s->version=TLS1_VERSION;
719 s->method=TLSv1_client_method();
720 } 681 }
721 else if ((p[2] == TLS1_1_VERSION_MINOR) && 682#endif
722 !(s->options & SSL_OP_NO_TLSv1_1)) 683 s->version = SSL3_VERSION;
723 { 684 s->method = SSLv3_client_method();
724 s->version=TLS1_1_VERSION; 685 } else if ((p[2] == TLS1_VERSION_MINOR) &&
725 s->method=TLSv1_1_client_method(); 686 !(s->options & SSL_OP_NO_TLSv1)) {
726 } 687 s->version = TLS1_VERSION;
727 else if ((p[2] == TLS1_2_VERSION_MINOR) && 688 s->method = TLSv1_client_method();
728 !(s->options & SSL_OP_NO_TLSv1_2)) 689 } else if ((p[2] == TLS1_1_VERSION_MINOR) &&
729 { 690 !(s->options & SSL_OP_NO_TLSv1_1)) {
730 s->version=TLS1_2_VERSION; 691 s->version = TLS1_1_VERSION;
731 s->method=TLSv1_2_client_method(); 692 s->method = TLSv1_1_client_method();
732 } 693 } else if ((p[2] == TLS1_2_VERSION_MINOR) &&
733 else 694 !(s->options & SSL_OP_NO_TLSv1_2)) {
734 { 695 s->version = TLS1_2_VERSION;
735 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL); 696 s->method = TLSv1_2_client_method();
697 } else {
698 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_R_UNSUPPORTED_PROTOCOL);
736 goto err; 699 goto err;
737 } 700 }
738 701
739 if (p[0] == SSL3_RT_ALERT && p[5] != SSL3_AL_WARNING) 702 if (p[0] == SSL3_RT_ALERT && p[5] != SSL3_AL_WARNING) {
740 {
741 /* fatal alert */ 703 /* fatal alert */
742 704
743 void (*cb)(const SSL *ssl,int type,int val)=NULL; 705 void (*cb)(const SSL *ssl, int type, int val) = NULL;
744 int j; 706 int j;
745 707
746 if (s->info_callback != NULL) 708 if (s->info_callback != NULL)
747 cb=s->info_callback; 709 cb = s->info_callback;
748 else if (s->ctx->info_callback != NULL) 710 else if (s->ctx->info_callback != NULL)
749 cb=s->ctx->info_callback; 711 cb = s->ctx->info_callback;
750 712
751 i=p[5]; 713 i = p[5];
752 if (cb != NULL) 714 if (cb != NULL) {
753 { 715 j = (i << 8) | p[6];
754 j=(i<<8)|p[6]; 716 cb(s, SSL_CB_READ_ALERT, j);
755 cb(s,SSL_CB_READ_ALERT,j); 717 }
756 } 718
757
758 if (s->msg_callback) 719 if (s->msg_callback)
759 s->msg_callback(0, s->version, SSL3_RT_ALERT, p+5, 2, s, s->msg_callback_arg); 720 s->msg_callback(0, s->version, SSL3_RT_ALERT, p + 5, 2, s, s->msg_callback_arg);
760 721
761 s->rwstate=SSL_NOTHING; 722 s->rwstate = SSL_NOTHING;
762 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_AD_REASON_OFFSET+p[6]); 723 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_AD_REASON_OFFSET + p[6]);
763 goto err; 724 goto err;
764 } 725 }
765 726
766 if (!ssl_init_wbio_buffer(s,1)) goto err; 727 if (!ssl_init_wbio_buffer(s, 1))
728 goto err;
767 729
768 /* we are in this state */ 730 /* we are in this state */
769 s->state=SSL3_ST_CR_SRVR_HELLO_A; 731 s->state = SSL3_ST_CR_SRVR_HELLO_A;
770 732
771 /* put the 7 bytes we have read into the input buffer 733 /* put the 7 bytes we have read into the input buffer
772 * for SSLv3 */ 734 * for SSLv3 */
773 s->rstate=SSL_ST_READ_HEADER; 735 s->rstate = SSL_ST_READ_HEADER;
774 s->packet_length=n; 736 s->packet_length = n;
775 if (s->s3->rbuf.buf == NULL) 737 if (s->s3->rbuf.buf == NULL)
776 if (!ssl3_setup_read_buffer(s)) 738 if (!ssl3_setup_read_buffer(s))
777 goto err; 739 goto err;
778 s->packet= &(s->s3->rbuf.buf[0]); 740 s->packet = &(s->s3->rbuf.buf[0]);
779 memcpy(s->packet,buf,n); 741 memcpy(s->packet, buf, n);
780 s->s3->rbuf.left=n; 742 s->s3->rbuf.left = n;
781 s->s3->rbuf.offset=0; 743 s->s3->rbuf.offset = 0;
782 744
783 s->handshake_func=s->method->ssl_connect; 745 s->handshake_func = s->method->ssl_connect;
784 } 746 } else {
785 else 747 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_R_UNKNOWN_PROTOCOL);
786 {
787 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNKNOWN_PROTOCOL);
788 goto err; 748 goto err;
789 } 749 }
790 s->init_num=0; 750 s->init_num = 0;
791 751
792 /* Since, if we are sending a ssl23 client hello, we are not 752 /* Since, if we are sending a ssl23 client hello, we are not
793 * reusing a session-id */ 753 * reusing a session-id */
794 if (!ssl_get_new_session(s,0)) 754 if (!ssl_get_new_session(s, 0))
795 goto err; 755 goto err;
796 756
797 return(SSL_connect(s)); 757 return (SSL_connect(s));
798err: 758err:
799 return(-1); 759 return (-1);
800 } 760}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-20 13:14:24 +0000