diff options
| author | markus <> | 2002-09-05 12:51:50 +0000 |
|---|---|---|
| committer | markus <> | 2002-09-05 12:51:50 +0000 |
| commit | 15b5d84f9da2ce4bfae8580e56e34a859f74ad71 (patch) | |
| tree | bf939e82d7fd73cc8a01cf6959002209972091bc /src/lib/libssl/s23_srvr.c | |
| parent | 027351f729b9e837200dae6e1520cda6577ab930 (diff) | |
| download | openbsd-15b5d84f9da2ce4bfae8580e56e34a859f74ad71.tar.gz openbsd-15b5d84f9da2ce4bfae8580e56e34a859f74ad71.tar.bz2 openbsd-15b5d84f9da2ce4bfae8580e56e34a859f74ad71.zip | |
import openssl-0.9.7-beta1
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libssl/s23_srvr.c | 338 |
1 files changed, 214 insertions, 124 deletions
diff --git a/src/lib/libssl/s23_srvr.c b/src/lib/libssl/s23_srvr.c index c7b9ecbcf2..9e89cc7f9a 100644 --- a/src/lib/libssl/s23_srvr.c +++ b/src/lib/libssl/s23_srvr.c | |||
| @@ -55,28 +55,76 @@ | |||
| 55 | * copied and put under another distribution licence | 55 | * copied and put under another distribution licence |
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | /* ==================================================================== | ||
| 59 | * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. | ||
| 60 | * | ||
| 61 | * Redistribution and use in source and binary forms, with or without | ||
| 62 | * modification, are permitted provided that the following conditions | ||
| 63 | * are met: | ||
| 64 | * | ||
| 65 | * 1. Redistributions of source code must retain the above copyright | ||
| 66 | * notice, this list of conditions and the following disclaimer. | ||
| 67 | * | ||
| 68 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 69 | * notice, this list of conditions and the following disclaimer in | ||
| 70 | * the documentation and/or other materials provided with the | ||
| 71 | * distribution. | ||
| 72 | * | ||
| 73 | * 3. All advertising materials mentioning features or use of this | ||
| 74 | * software must display the following acknowledgment: | ||
| 75 | * "This product includes software developed by the OpenSSL Project | ||
| 76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
| 77 | * | ||
| 78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 79 | * endorse or promote products derived from this software without | ||
| 80 | * prior written permission. For written permission, please contact | ||
| 81 | * openssl-core@openssl.org. | ||
| 82 | * | ||
| 83 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 84 | * nor may "OpenSSL" appear in their names without prior written | ||
| 85 | * permission of the OpenSSL Project. | ||
| 86 | * | ||
| 87 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 88 | * acknowledgment: | ||
| 89 | * "This product includes software developed by the OpenSSL Project | ||
| 90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
| 91 | * | ||
| 92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 104 | * ==================================================================== | ||
| 105 | * | ||
| 106 | * This product includes cryptographic software written by Eric Young | ||
| 107 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 108 | * Hudson (tjh@cryptsoft.com). | ||
| 109 | * | ||
| 110 | */ | ||
| 58 | 111 | ||
| 59 | #include <stdio.h> | 112 | #include <stdio.h> |
| 60 | #include "buffer.h" | 113 | #include <openssl/buffer.h> |
| 61 | #include "rand.h" | 114 | #include <openssl/rand.h> |
| 62 | #include "objects.h" | 115 | #include <openssl/objects.h> |
| 63 | #include "evp.h" | 116 | #include <openssl/evp.h> |
| 64 | #include "ssl_locl.h" | 117 | #include "ssl_locl.h" |
| 65 | 118 | ||
| 66 | #define BREAK break | 119 | static SSL_METHOD *ssl23_get_server_method(int ver); |
| 67 | |||
| 68 | #ifndef NOPROTO | ||
| 69 | int ssl23_get_client_hello(SSL *s); | 120 | int ssl23_get_client_hello(SSL *s); |
| 70 | #else | 121 | static SSL_METHOD *ssl23_get_server_method(int ver) |
| 71 | int ssl23_get_client_hello(); | ||
| 72 | #endif | ||
| 73 | |||
| 74 | static SSL_METHOD *ssl23_get_server_method(ver) | ||
| 75 | int ver; | ||
| 76 | { | 122 | { |
| 123 | #ifndef OPENSSL_NO_SSL2 | ||
| 77 | if (ver == SSL2_VERSION) | 124 | if (ver == SSL2_VERSION) |
| 78 | return(SSLv2_server_method()); | 125 | return(SSLv2_server_method()); |
| 79 | else if (ver == SSL3_VERSION) | 126 | #endif |
| 127 | if (ver == SSL3_VERSION) | ||
| 80 | return(SSLv3_server_method()); | 128 | return(SSLv3_server_method()); |
| 81 | else if (ver == TLS1_VERSION) | 129 | else if (ver == TLS1_VERSION) |
| 82 | return(TLSv1_server_method()); | 130 | return(TLSv1_server_method()); |
| @@ -84,32 +132,31 @@ int ver; | |||
| 84 | return(NULL); | 132 | return(NULL); |
| 85 | } | 133 | } |
| 86 | 134 | ||
| 87 | SSL_METHOD *SSLv23_server_method() | 135 | SSL_METHOD *SSLv23_server_method(void) |
| 88 | { | 136 | { |
| 89 | static int init=1; | 137 | static int init=1; |
| 90 | static SSL_METHOD SSLv23_server_data; | 138 | static SSL_METHOD SSLv23_server_data; |
| 91 | 139 | ||
| 92 | if (init) | 140 | if (init) |
| 93 | { | 141 | { |
| 94 | init=0; | ||
| 95 | memcpy((char *)&SSLv23_server_data, | 142 | memcpy((char *)&SSLv23_server_data, |
| 96 | (char *)sslv23_base_method(),sizeof(SSL_METHOD)); | 143 | (char *)sslv23_base_method(),sizeof(SSL_METHOD)); |
| 97 | SSLv23_server_data.ssl_accept=ssl23_accept; | 144 | SSLv23_server_data.ssl_accept=ssl23_accept; |
| 98 | SSLv23_server_data.get_ssl_method=ssl23_get_server_method; | 145 | SSLv23_server_data.get_ssl_method=ssl23_get_server_method; |
| 146 | init=0; | ||
| 99 | } | 147 | } |
| 100 | return(&SSLv23_server_data); | 148 | return(&SSLv23_server_data); |
| 101 | } | 149 | } |
| 102 | 150 | ||
| 103 | int ssl23_accept(s) | 151 | int ssl23_accept(SSL *s) |
| 104 | SSL *s; | ||
| 105 | { | 152 | { |
| 106 | BUF_MEM *buf; | 153 | BUF_MEM *buf; |
| 107 | unsigned long Time=time(NULL); | 154 | unsigned long Time=time(NULL); |
| 108 | void (*cb)()=NULL; | 155 | void (*cb)(const SSL *ssl,int type,int val)=NULL; |
| 109 | int ret= -1; | 156 | int ret= -1; |
| 110 | int new_state,state; | 157 | int new_state,state; |
| 111 | 158 | ||
| 112 | RAND_seed((unsigned char *)&Time,sizeof(Time)); | 159 | RAND_add(&Time,sizeof(Time),0); |
| 113 | ERR_clear_error(); | 160 | ERR_clear_error(); |
| 114 | clear_sys_error(); | 161 | clear_sys_error(); |
| 115 | 162 | ||
| @@ -118,8 +165,8 @@ SSL *s; | |||
| 118 | else if (s->ctx->info_callback != NULL) | 165 | else if (s->ctx->info_callback != NULL) |
| 119 | cb=s->ctx->info_callback; | 166 | cb=s->ctx->info_callback; |
| 120 | 167 | ||
| 121 | if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); | ||
| 122 | s->in_handshake++; | 168 | s->in_handshake++; |
| 169 | if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); | ||
| 123 | 170 | ||
| 124 | for (;;) | 171 | for (;;) |
| 125 | { | 172 | { |
| @@ -132,6 +179,7 @@ SSL *s; | |||
| 132 | case SSL_ST_BEFORE|SSL_ST_ACCEPT: | 179 | case SSL_ST_BEFORE|SSL_ST_ACCEPT: |
| 133 | case SSL_ST_OK|SSL_ST_ACCEPT: | 180 | case SSL_ST_OK|SSL_ST_ACCEPT: |
| 134 | 181 | ||
| 182 | s->server=1; | ||
| 135 | if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); | 183 | if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); |
| 136 | 184 | ||
| 137 | /* s->version=SSL3_VERSION; */ | 185 | /* s->version=SSL3_VERSION; */ |
| @@ -155,7 +203,7 @@ SSL *s; | |||
| 155 | ssl3_init_finished_mac(s); | 203 | ssl3_init_finished_mac(s); |
| 156 | 204 | ||
| 157 | s->state=SSL23_ST_SR_CLNT_HELLO_A; | 205 | s->state=SSL23_ST_SR_CLNT_HELLO_A; |
| 158 | s->ctx->sess_accept++; | 206 | s->ctx->stats.sess_accept++; |
| 159 | s->init_num=0; | 207 | s->init_num=0; |
| 160 | break; | 208 | break; |
| 161 | 209 | ||
| @@ -166,7 +214,7 @@ SSL *s; | |||
| 166 | ret=ssl23_get_client_hello(s); | 214 | ret=ssl23_get_client_hello(s); |
| 167 | if (ret >= 0) cb=NULL; | 215 | if (ret >= 0) cb=NULL; |
| 168 | goto end; | 216 | goto end; |
| 169 | break; | 217 | /* break; */ |
| 170 | 218 | ||
| 171 | default: | 219 | default: |
| 172 | SSLerr(SSL_F_SSL23_ACCEPT,SSL_R_UNKNOWN_STATE); | 220 | SSLerr(SSL_F_SSL23_ACCEPT,SSL_R_UNKNOWN_STATE); |
| @@ -184,31 +232,48 @@ SSL *s; | |||
| 184 | } | 232 | } |
| 185 | } | 233 | } |
| 186 | end: | 234 | end: |
| 235 | s->in_handshake--; | ||
| 187 | if (cb != NULL) | 236 | if (cb != NULL) |
| 188 | cb(s,SSL_CB_ACCEPT_EXIT,ret); | 237 | cb(s,SSL_CB_ACCEPT_EXIT,ret); |
| 189 | s->in_handshake--; | ||
| 190 | return(ret); | 238 | return(ret); |
| 191 | } | 239 | } |
| 192 | 240 | ||
| 193 | 241 | ||
| 194 | int ssl23_get_client_hello(s) | 242 | int ssl23_get_client_hello(SSL *s) |
| 195 | SSL *s; | ||
| 196 | { | 243 | { |
| 197 | char buf_space[8]; | 244 | char buf_space[11]; /* Request this many bytes in initial read. |
| 245 | * We can detect SSL 3.0/TLS 1.0 Client Hellos | ||
| 246 | * ('type == 3') correctly only when the following | ||
| 247 | * is in a single record, which is not guaranteed by | ||
| 248 | * the protocol specification: | ||
| 249 | * Byte Content | ||
| 250 | * 0 type \ | ||
| 251 | * 1/2 version > record header | ||
| 252 | * 3/4 length / | ||
| 253 | * 5 msg_type \ | ||
| 254 | * 6-8 length > Client Hello message | ||
| 255 | * 9/10 client_version / | ||
| 256 | */ | ||
| 198 | char *buf= &(buf_space[0]); | 257 | char *buf= &(buf_space[0]); |
| 199 | unsigned char *p,*d,*dd; | 258 | unsigned char *p,*d,*d_len,*dd; |
| 200 | unsigned int i; | 259 | unsigned int i; |
| 201 | unsigned int csl,sil,cl; | 260 | unsigned int csl,sil,cl; |
| 202 | int n=0,j,tls1=0; | 261 | int n=0,j; |
| 203 | int type=0,use_sslv2_strong=0; | 262 | int type=0; |
| 263 | int v[2]; | ||
| 264 | #ifndef OPENSSL_NO_RSA | ||
| 265 | int use_sslv2_strong=0; | ||
| 266 | #endif | ||
| 204 | 267 | ||
| 205 | /* read the initial header */ | ||
| 206 | if (s->state == SSL23_ST_SR_CLNT_HELLO_A) | 268 | if (s->state == SSL23_ST_SR_CLNT_HELLO_A) |
| 207 | { | 269 | { |
| 270 | /* read the initial header */ | ||
| 271 | v[0]=v[1]=0; | ||
| 272 | |||
| 208 | if (!ssl3_setup_buffers(s)) goto err; | 273 | if (!ssl3_setup_buffers(s)) goto err; |
| 209 | 274 | ||
| 210 | n=ssl23_read_bytes(s,7); | 275 | n=ssl23_read_bytes(s, sizeof buf_space); |
| 211 | if (n != 7) return(n); | 276 | if (n != sizeof buf_space) return(n); /* n == -1 || n == 0 */ |
| 212 | 277 | ||
| 213 | p=s->packet; | 278 | p=s->packet; |
| 214 | 279 | ||
| @@ -216,124 +281,135 @@ SSL *s; | |||
| 216 | 281 | ||
| 217 | if ((p[0] & 0x80) && (p[2] == SSL2_MT_CLIENT_HELLO)) | 282 | if ((p[0] & 0x80) && (p[2] == SSL2_MT_CLIENT_HELLO)) |
| 218 | { | 283 | { |
| 219 | /* SSLv2 header */ | 284 | /* |
| 285 | * SSLv2 header | ||
| 286 | */ | ||
| 220 | if ((p[3] == 0x00) && (p[4] == 0x02)) | 287 | if ((p[3] == 0x00) && (p[4] == 0x02)) |
| 221 | { | 288 | { |
| 289 | v[0]=p[3]; v[1]=p[4]; | ||
| 222 | /* SSLv2 */ | 290 | /* SSLv2 */ |
| 223 | if (!(s->options & SSL_OP_NO_SSLv2)) | 291 | if (!(s->options & SSL_OP_NO_SSLv2)) |
| 224 | type=1; | 292 | type=1; |
| 225 | } | 293 | } |
| 226 | else if (p[3] == SSL3_VERSION_MAJOR) | 294 | else if (p[3] == SSL3_VERSION_MAJOR) |
| 227 | { | 295 | { |
| 296 | v[0]=p[3]; v[1]=p[4]; | ||
| 228 | /* SSLv3/TLSv1 */ | 297 | /* SSLv3/TLSv1 */ |
| 229 | if (p[4] >= TLS1_VERSION_MINOR) | 298 | if (p[4] >= TLS1_VERSION_MINOR) |
| 230 | { | 299 | { |
| 231 | if (!(s->options & SSL_OP_NO_TLSv1)) | 300 | if (!(s->options & SSL_OP_NO_TLSv1)) |
| 232 | { | 301 | { |
| 233 | tls1=1; | 302 | s->version=TLS1_VERSION; |
| 303 | /* type=2; */ /* done later to survive restarts */ | ||
| 234 | s->state=SSL23_ST_SR_CLNT_HELLO_B; | 304 | s->state=SSL23_ST_SR_CLNT_HELLO_B; |
| 235 | } | 305 | } |
| 236 | else if (!(s->options & SSL_OP_NO_SSLv3)) | 306 | else if (!(s->options & SSL_OP_NO_SSLv3)) |
| 237 | { | 307 | { |
| 308 | s->version=SSL3_VERSION; | ||
| 309 | /* type=2; */ | ||
| 238 | s->state=SSL23_ST_SR_CLNT_HELLO_B; | 310 | s->state=SSL23_ST_SR_CLNT_HELLO_B; |
| 239 | } | 311 | } |
| 312 | else if (!(s->options & SSL_OP_NO_SSLv2)) | ||
| 313 | { | ||
| 314 | type=1; | ||
| 315 | } | ||
| 240 | } | 316 | } |
| 241 | else if (!(s->options & SSL_OP_NO_SSLv3)) | 317 | else if (!(s->options & SSL_OP_NO_SSLv3)) |
| 242 | s->state=SSL23_ST_SR_CLNT_HELLO_B; | ||
| 243 | |||
| 244 | if (s->options & SSL_OP_NON_EXPORT_FIRST) | ||
| 245 | { | 318 | { |
| 246 | STACK *sk; | 319 | s->version=SSL3_VERSION; |
| 247 | SSL_CIPHER *c; | 320 | /* type=2; */ |
| 248 | int ne2,ne3; | 321 | s->state=SSL23_ST_SR_CLNT_HELLO_B; |
| 249 | |||
| 250 | j=((p[0]&0x7f)<<8)|p[1]; | ||
| 251 | if (j > (1024*4)) | ||
| 252 | { | ||
| 253 | SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_LARGE); | ||
| 254 | goto err; | ||
| 255 | } | ||
| 256 | |||
| 257 | n=ssl23_read_bytes(s,j+2); | ||
| 258 | if (n <= 0) return(n); | ||
| 259 | p=s->packet; | ||
| 260 | |||
| 261 | if ((buf=Malloc(n)) == NULL) | ||
| 262 | { | ||
| 263 | SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,ERR_R_MALLOC_FAILURE); | ||
| 264 | goto err; | ||
| 265 | } | ||
| 266 | memcpy(buf,p,n); | ||
| 267 | |||
| 268 | p+=5; | ||
| 269 | n2s(p,csl); | ||
| 270 | p+=4; | ||
| 271 | |||
| 272 | sk=ssl_bytes_to_cipher_list( | ||
| 273 | s,p,csl,NULL); | ||
| 274 | if (sk != NULL) | ||
| 275 | { | ||
| 276 | ne2=ne3=0; | ||
| 277 | for (j=0; j<sk_num(sk); j++) | ||
| 278 | { | ||
| 279 | c=(SSL_CIPHER *)sk_value(sk,j); | ||
| 280 | if (!(c->algorithms & SSL_EXP)) | ||
| 281 | { | ||
| 282 | if ((c->id>>24L) == 2L) | ||
| 283 | ne2=1; | ||
| 284 | else | ||
| 285 | ne3=1; | ||
| 286 | } | ||
| 287 | } | ||
| 288 | if (ne2 && !ne3) | ||
| 289 | { | ||
| 290 | type=1; | ||
| 291 | use_sslv2_strong=1; | ||
| 292 | goto next_bit; | ||
| 293 | } | ||
| 294 | } | ||
| 295 | } | 322 | } |
| 323 | else if (!(s->options & SSL_OP_NO_SSLv2)) | ||
| 324 | type=1; | ||
| 325 | |||
| 296 | } | 326 | } |
| 297 | } | 327 | } |
| 298 | else if ((p[0] == SSL3_RT_HANDSHAKE) && | 328 | else if ((p[0] == SSL3_RT_HANDSHAKE) && |
| 299 | (p[1] == SSL3_VERSION_MAJOR) && | 329 | (p[1] == SSL3_VERSION_MAJOR) && |
| 300 | (p[5] == SSL3_MT_CLIENT_HELLO)) | 330 | (p[5] == SSL3_MT_CLIENT_HELLO) && |
| 331 | ((p[3] == 0 && p[4] < 5 /* silly record length? */) | ||
| 332 | || (p[9] == p[1]))) | ||
| 301 | { | 333 | { |
| 302 | /* true SSLv3 or tls1 */ | 334 | /* |
| 303 | if (p[2] >= TLS1_VERSION_MINOR) | 335 | * SSLv3 or tls1 header |
| 336 | */ | ||
| 337 | |||
| 338 | v[0]=p[1]; /* major version (= SSL3_VERSION_MAJOR) */ | ||
| 339 | /* We must look at client_version inside the Client Hello message | ||
| 340 | * to get the correct minor version. | ||
| 341 | * However if we have only a pathologically small fragment of the | ||
| 342 | * Client Hello message, this would be difficult, and we'd have | ||
| 343 | * to read more records to find out. | ||
| 344 | * No known SSL 3.0 client fragments ClientHello like this, | ||
| 345 | * so we simply assume TLS 1.0 to avoid protocol version downgrade | ||
| 346 | * attacks. */ | ||
| 347 | if (p[3] == 0 && p[4] < 6) | ||
| 348 | { | ||
| 349 | #if 0 | ||
| 350 | SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_SMALL); | ||
| 351 | goto err; | ||
| 352 | #else | ||
| 353 | v[1] = TLS1_VERSION_MINOR; | ||
| 354 | #endif | ||
| 355 | } | ||
| 356 | else | ||
| 357 | v[1]=p[10]; /* minor version according to client_version */ | ||
| 358 | if (v[1] >= TLS1_VERSION_MINOR) | ||
| 304 | { | 359 | { |
| 305 | if (!(s->options & SSL_OP_NO_TLSv1)) | 360 | if (!(s->options & SSL_OP_NO_TLSv1)) |
| 306 | { | 361 | { |
| 362 | s->version=TLS1_VERSION; | ||
| 307 | type=3; | 363 | type=3; |
| 308 | tls1=1; | ||
| 309 | } | 364 | } |
| 310 | else if (!(s->options & SSL_OP_NO_SSLv3)) | 365 | else if (!(s->options & SSL_OP_NO_SSLv3)) |
| 366 | { | ||
| 367 | s->version=SSL3_VERSION; | ||
| 368 | type=3; | ||
| 369 | } | ||
| 370 | } | ||
| 371 | else | ||
| 372 | { | ||
| 373 | /* client requests SSL 3.0 */ | ||
| 374 | if (!(s->options & SSL_OP_NO_SSLv3)) | ||
| 375 | { | ||
| 376 | s->version=SSL3_VERSION; | ||
| 311 | type=3; | 377 | type=3; |
| 378 | } | ||
| 379 | else if (!(s->options & SSL_OP_NO_TLSv1)) | ||
| 380 | { | ||
| 381 | /* we won't be able to use TLS of course, | ||
| 382 | * but this will send an appropriate alert */ | ||
| 383 | s->version=TLS1_VERSION; | ||
| 384 | type=3; | ||
| 385 | } | ||
| 312 | } | 386 | } |
| 313 | else if (!(s->options & SSL_OP_NO_SSLv3)) | ||
| 314 | type=3; | ||
| 315 | } | 387 | } |
| 316 | else if ((strncmp("GET ", p,4) == 0) || | 388 | else if ((strncmp("GET ", (char *)p,4) == 0) || |
| 317 | (strncmp("POST ",p,5) == 0) || | 389 | (strncmp("POST ",(char *)p,5) == 0) || |
| 318 | (strncmp("HEAD ",p,5) == 0) || | 390 | (strncmp("HEAD ",(char *)p,5) == 0) || |
| 319 | (strncmp("PUT ", p,4) == 0)) | 391 | (strncmp("PUT ", (char *)p,4) == 0)) |
| 320 | { | 392 | { |
| 321 | SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTP_REQUEST); | 393 | SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTP_REQUEST); |
| 322 | goto err; | 394 | goto err; |
| 323 | } | 395 | } |
| 324 | else if (strncmp("CONNECT",p,7) == 0) | 396 | else if (strncmp("CONNECT",(char *)p,7) == 0) |
| 325 | { | 397 | { |
| 326 | SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTPS_PROXY_REQUEST); | 398 | SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTPS_PROXY_REQUEST); |
| 327 | goto err; | 399 | goto err; |
| 328 | } | 400 | } |
| 329 | } | 401 | } |
| 330 | 402 | ||
| 331 | next_bit: | ||
| 332 | if (s->state == SSL23_ST_SR_CLNT_HELLO_B) | 403 | if (s->state == SSL23_ST_SR_CLNT_HELLO_B) |
| 333 | { | 404 | { |
| 334 | /* we have a SSLv3/TLSv1 in a SSLv2 header */ | 405 | /* we have SSLv3/TLSv1 in an SSLv2 header |
| 406 | * (other cases skip this state) */ | ||
| 407 | |||
| 335 | type=2; | 408 | type=2; |
| 336 | p=s->packet; | 409 | p=s->packet; |
| 410 | v[0] = p[3]; /* == SSL3_VERSION_MAJOR */ | ||
| 411 | v[1] = p[4]; | ||
| 412 | |||
| 337 | n=((p[0]&0x7f)<<8)|p[1]; | 413 | n=((p[0]&0x7f)<<8)|p[1]; |
| 338 | if (n > (1024*4)) | 414 | if (n > (1024*4)) |
| 339 | { | 415 | { |
| @@ -344,7 +420,9 @@ next_bit: | |||
| 344 | j=ssl23_read_bytes(s,n+2); | 420 | j=ssl23_read_bytes(s,n+2); |
| 345 | if (j <= 0) return(j); | 421 | if (j <= 0) return(j); |
| 346 | 422 | ||
| 347 | ssl3_finish_mac(s,&(s->packet[2]),s->packet_length-2); | 423 | ssl3_finish_mac(s, s->packet+2, s->packet_length-2); |
| 424 | if (s->msg_callback) | ||
| 425 | s->msg_callback(0, SSL2_VERSION, 0, s->packet+2, s->packet_length-2, s, s->msg_callback_arg); /* CLIENT-HELLO */ | ||
| 348 | 426 | ||
| 349 | p=s->packet; | 427 | p=s->packet; |
| 350 | p+=5; | 428 | p+=5; |
| @@ -358,14 +436,18 @@ next_bit: | |||
| 358 | goto err; | 436 | goto err; |
| 359 | } | 437 | } |
| 360 | 438 | ||
| 361 | *(d++)=SSL3_VERSION_MAJOR; | 439 | /* record header: msg_type ... */ |
| 362 | if (tls1) | 440 | *(d++) = SSL3_MT_CLIENT_HELLO; |
| 363 | *(d++)=TLS1_VERSION_MINOR; | 441 | /* ... and length (actual value will be written later) */ |
| 364 | else | 442 | d_len = d; |
| 365 | *(d++)=SSL3_VERSION_MINOR; | 443 | d += 3; |
| 444 | |||
| 445 | /* client_version */ | ||
| 446 | *(d++) = SSL3_VERSION_MAJOR; /* == v[0] */ | ||
| 447 | *(d++) = v[1]; | ||
| 366 | 448 | ||
| 367 | /* lets populate the random area */ | 449 | /* lets populate the random area */ |
| 368 | /* get the chalenge_length */ | 450 | /* get the challenge_length */ |
| 369 | i=(cl > SSL3_RANDOM_SIZE)?SSL3_RANDOM_SIZE:cl; | 451 | i=(cl > SSL3_RANDOM_SIZE)?SSL3_RANDOM_SIZE:cl; |
| 370 | memset(d,0,SSL3_RANDOM_SIZE); | 452 | memset(d,0,SSL3_RANDOM_SIZE); |
| 371 | memcpy(&(d[SSL3_RANDOM_SIZE-i]),&(p[csl+sil]),i); | 453 | memcpy(&(d[SSL3_RANDOM_SIZE-i]),&(p[csl+sil]),i); |
| @@ -387,11 +469,12 @@ next_bit: | |||
| 387 | } | 469 | } |
| 388 | s2n(j,dd); | 470 | s2n(j,dd); |
| 389 | 471 | ||
| 390 | /* compression */ | 472 | /* COMPRESSION */ |
| 391 | *(d++)=1; | 473 | *(d++)=1; |
| 392 | *(d++)=0; | 474 | *(d++)=0; |
| 393 | 475 | ||
| 394 | i=(d-(unsigned char *)s->init_buf->data); | 476 | i = (d-(unsigned char *)s->init_buf->data) - 4; |
| 477 | l2n3((long)i, d_len); | ||
| 395 | 478 | ||
| 396 | /* get the data reused from the init_buf */ | 479 | /* get the data reused from the init_buf */ |
| 397 | s->s3->tmp.reuse_message=1; | 480 | s->s3->tmp.reuse_message=1; |
| @@ -399,8 +482,15 @@ next_bit: | |||
| 399 | s->s3->tmp.message_size=i; | 482 | s->s3->tmp.message_size=i; |
| 400 | } | 483 | } |
| 401 | 484 | ||
| 485 | /* imaginary new state (for program structure): */ | ||
| 486 | /* s->state = SSL23_SR_CLNT_HELLO_C */ | ||
| 487 | |||
| 402 | if (type == 1) | 488 | if (type == 1) |
| 403 | { | 489 | { |
| 490 | #ifdef OPENSSL_NO_SSL2 | ||
| 491 | SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL); | ||
| 492 | goto err; | ||
| 493 | #else | ||
| 404 | /* we are talking sslv2 */ | 494 | /* we are talking sslv2 */ |
| 405 | /* we need to clean up the SSLv3/TLSv1 setup and put in the | 495 | /* we need to clean up the SSLv3/TLSv1 setup and put in the |
| 406 | * sslv2 stuff. */ | 496 | * sslv2 stuff. */ |
| @@ -423,12 +513,15 @@ next_bit: | |||
| 423 | 513 | ||
| 424 | s->state=SSL2_ST_GET_CLIENT_HELLO_A; | 514 | s->state=SSL2_ST_GET_CLIENT_HELLO_A; |
| 425 | if ((s->options & SSL_OP_MSIE_SSLV2_RSA_PADDING) || | 515 | if ((s->options & SSL_OP_MSIE_SSLV2_RSA_PADDING) || |
| 426 | use_sslv2_strong) | 516 | use_sslv2_strong || |
| 517 | (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)) | ||
| 427 | s->s2->ssl2_rollback=0; | 518 | s->s2->ssl2_rollback=0; |
| 428 | else | 519 | else |
| 520 | /* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0 | ||
| 521 | * (SSL 3.0 draft/RFC 2246, App. E.2) */ | ||
| 429 | s->s2->ssl2_rollback=1; | 522 | s->s2->ssl2_rollback=1; |
| 430 | 523 | ||
| 431 | /* setup the 5 bytes we have read so we get them from | 524 | /* setup the n bytes we have read so we get them from |
| 432 | * the sslv2 buffer */ | 525 | * the sslv2 buffer */ |
| 433 | s->rstate=SSL_ST_READ_HEADER; | 526 | s->rstate=SSL_ST_READ_HEADER; |
| 434 | s->packet_length=n; | 527 | s->packet_length=n; |
| @@ -439,11 +532,12 @@ next_bit: | |||
| 439 | 532 | ||
| 440 | s->method=SSLv2_server_method(); | 533 | s->method=SSLv2_server_method(); |
| 441 | s->handshake_func=s->method->ssl_accept; | 534 | s->handshake_func=s->method->ssl_accept; |
| 535 | #endif | ||
| 442 | } | 536 | } |
| 443 | 537 | ||
| 444 | if ((type == 2) || (type == 3)) | 538 | if ((type == 2) || (type == 3)) |
| 445 | { | 539 | { |
| 446 | /* we have SSLv3/TLSv1 */ | 540 | /* we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style) */ |
| 447 | 541 | ||
| 448 | if (!ssl_init_wbio_buffer(s,1)) goto err; | 542 | if (!ssl_init_wbio_buffer(s,1)) goto err; |
| 449 | 543 | ||
| @@ -468,16 +562,13 @@ next_bit: | |||
| 468 | s->s3->rbuf.offset=0; | 562 | s->s3->rbuf.offset=0; |
| 469 | } | 563 | } |
| 470 | 564 | ||
| 471 | if (tls1) | 565 | if (s->version == TLS1_VERSION) |
| 472 | { | 566 | s->method = TLSv1_server_method(); |
| 473 | s->version=TLS1_VERSION; | ||
| 474 | s->method=TLSv1_server_method(); | ||
| 475 | } | ||
| 476 | else | 567 | else |
| 477 | { | 568 | s->method = SSLv3_server_method(); |
| 478 | s->version=SSL3_VERSION; | 569 | #if 0 /* ssl3_get_client_hello does this */ |
| 479 | s->method=SSLv3_server_method(); | 570 | s->client_version=(v[0]<<8)|v[1]; |
| 480 | } | 571 | #endif |
| 481 | s->handshake_func=s->method->ssl_accept; | 572 | s->handshake_func=s->method->ssl_accept; |
| 482 | } | 573 | } |
| 483 | 574 | ||
| @@ -489,11 +580,10 @@ next_bit: | |||
| 489 | } | 580 | } |
| 490 | s->init_num=0; | 581 | s->init_num=0; |
| 491 | 582 | ||
| 492 | if (buf != buf_space) Free(buf); | 583 | if (buf != buf_space) OPENSSL_free(buf); |
| 493 | s->first_packet=1; | 584 | s->first_packet=1; |
| 494 | return(SSL_accept(s)); | 585 | return(SSL_accept(s)); |
| 495 | err: | 586 | err: |
| 496 | if (buf != buf_space) Free(buf); | 587 | if (buf != buf_space) OPENSSL_free(buf); |
| 497 | return(-1); | 588 | return(-1); |
| 498 | } | 589 | } |
| 499 | |||