summaryrefslogtreecommitdiff
path: root/src/lib/libssl/s23_srvr.c
diff options
context:
space:
mode:
authorjsing <>2014-04-14 15:15:33 +0000
committerjsing <>2014-04-14 15:15:33 +0000
commit30f92658fa4e1357cfcee9c077a21e928970d290 (patch)
tree225d880512d3748d996f5d84d5d01521efe52b02 /src/lib/libssl/s23_srvr.c
parent6c233db50b8fc1d31e373868a83572c35271ca51 (diff)
downloadopenbsd-30f92658fa4e1357cfcee9c077a21e928970d290.tar.gz
openbsd-30f92658fa4e1357cfcee9c077a21e928970d290.tar.bz2
openbsd-30f92658fa4e1357cfcee9c077a21e928970d290.zip
First pass at applying KNF to the OpenSSL code, which almost makes it
readable. This pass is whitespace only and can readily be verified using tr and md5.
Diffstat (limited to 'src/lib/libssl/s23_srvr.c')
-rw-r--r--src/lib/libssl/s23_srvr.c564
1 files changed, 260 insertions, 304 deletions
diff --git a/src/lib/libssl/s23_srvr.c b/src/lib/libssl/s23_srvr.c
index 2ac8786c62..35db7b4992 100644
--- a/src/lib/libssl/s23_srvr.c
+++ b/src/lib/libssl/s23_srvr.c
@@ -121,227 +121,209 @@
121 121
122static const SSL_METHOD *ssl23_get_server_method(int ver); 122static const SSL_METHOD *ssl23_get_server_method(int ver);
123int ssl23_get_client_hello(SSL *s); 123int ssl23_get_client_hello(SSL *s);
124static const SSL_METHOD *ssl23_get_server_method(int ver) 124static const SSL_METHOD
125 { 125*ssl23_get_server_method(int ver)
126{
126#ifndef OPENSSL_NO_SSL2 127#ifndef OPENSSL_NO_SSL2
127 if (ver == SSL2_VERSION) 128 if (ver == SSL2_VERSION)
128 return(SSLv2_server_method()); 129 return (SSLv2_server_method());
129#endif 130#endif
130 if (ver == SSL3_VERSION) 131 if (ver == SSL3_VERSION)
131 return(SSLv3_server_method()); 132 return (SSLv3_server_method());
132 else if (ver == TLS1_VERSION) 133 else if (ver == TLS1_VERSION)
133 return(TLSv1_server_method()); 134 return (TLSv1_server_method());
134 else if (ver == TLS1_1_VERSION) 135 else if (ver == TLS1_1_VERSION)
135 return(TLSv1_1_server_method()); 136 return (TLSv1_1_server_method());
136 else if (ver == TLS1_2_VERSION) 137 else if (ver == TLS1_2_VERSION)
137 return(TLSv1_2_server_method()); 138 return (TLSv1_2_server_method());
138 else 139 else
139 return(NULL); 140 return (NULL);
140 } 141}
141 142
142IMPLEMENT_ssl23_meth_func(SSLv23_server_method, 143IMPLEMENT_ssl23_meth_func(SSLv23_server_method,
143 ssl23_accept, 144 ssl23_accept, ssl_undefined_function, ssl23_get_server_method)
144 ssl_undefined_function,
145 ssl23_get_server_method)
146 145
147int ssl23_accept(SSL *s) 146int
148 { 147ssl23_accept(SSL *s)
148{
149 BUF_MEM *buf; 149 BUF_MEM *buf;
150 unsigned long Time=(unsigned long)time(NULL); 150 unsigned long Time = (unsigned long)time(NULL);
151 void (*cb)(const SSL *ssl,int type,int val)=NULL; 151 void (*cb)(const SSL *ssl, int type, int val) = NULL;
152 int ret= -1; 152 int ret = -1;
153 int new_state,state; 153 int new_state, state;
154 154
155 RAND_add(&Time,sizeof(Time),0); 155 RAND_add(&Time, sizeof(Time), 0);
156 ERR_clear_error(); 156 ERR_clear_error();
157 errno = 0; 157 errno = 0;
158 158
159 if (s->info_callback != NULL) 159 if (s->info_callback != NULL)
160 cb=s->info_callback; 160 cb = s->info_callback;
161 else if (s->ctx->info_callback != NULL) 161 else if (s->ctx->info_callback != NULL)
162 cb=s->ctx->info_callback; 162 cb = s->ctx->info_callback;
163 163
164 s->in_handshake++; 164 s->in_handshake++;
165 if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 165 if (!SSL_in_init(s) || SSL_in_before(s))
166 SSL_clear(s);
166 167
167 for (;;) 168 for (;;) {
168 { 169 state = s->state;
169 state=s->state;
170 170
171 switch(s->state) 171 switch (s->state) {
172 {
173 case SSL_ST_BEFORE: 172 case SSL_ST_BEFORE:
174 case SSL_ST_ACCEPT: 173 case SSL_ST_ACCEPT:
175 case SSL_ST_BEFORE|SSL_ST_ACCEPT: 174 case SSL_ST_BEFORE|SSL_ST_ACCEPT:
176 case SSL_ST_OK|SSL_ST_ACCEPT: 175 case SSL_ST_OK|SSL_ST_ACCEPT:
177 176
178 s->server=1; 177 s->server = 1;
179 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); 178 if (cb != NULL)
179 cb(s, SSL_CB_HANDSHAKE_START, 1);
180 180
181 /* s->version=SSL3_VERSION; */ 181 /* s->version=SSL3_VERSION; */
182 s->type=SSL_ST_ACCEPT; 182 s->type = SSL_ST_ACCEPT;
183 183
184 if (s->init_buf == NULL) 184 if (s->init_buf == NULL) {
185 { 185 if ((buf = BUF_MEM_new()) == NULL) {
186 if ((buf=BUF_MEM_new()) == NULL) 186 ret = -1;
187 {
188 ret= -1;
189 goto end; 187 goto end;
190 } 188 }
191 if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH)) 189 if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) {
192 { 190 ret = -1;
193 ret= -1;
194 goto end; 191 goto end;
195 }
196 s->init_buf=buf;
197 } 192 }
193 s->init_buf = buf;
194 }
198 195
199 ssl3_init_finished_mac(s); 196 ssl3_init_finished_mac(s);
200 197
201 s->state=SSL23_ST_SR_CLNT_HELLO_A; 198 s->state = SSL23_ST_SR_CLNT_HELLO_A;
202 s->ctx->stats.sess_accept++; 199 s->ctx->stats.sess_accept++;
203 s->init_num=0; 200 s->init_num = 0;
204 break; 201 break;
205 202
206 case SSL23_ST_SR_CLNT_HELLO_A: 203 case SSL23_ST_SR_CLNT_HELLO_A:
207 case SSL23_ST_SR_CLNT_HELLO_B: 204 case SSL23_ST_SR_CLNT_HELLO_B:
208 205
209 s->shutdown=0; 206 s->shutdown = 0;
210 ret=ssl23_get_client_hello(s); 207 ret = ssl23_get_client_hello(s);
211 if (ret >= 0) cb=NULL; 208 if (ret >= 0)
209 cb = NULL;
212 goto end; 210 goto end;
213 /* break; */ 211 /* break; */
214 212
215 default: 213 default:
216 SSLerr(SSL_F_SSL23_ACCEPT,SSL_R_UNKNOWN_STATE); 214 SSLerr(SSL_F_SSL23_ACCEPT, SSL_R_UNKNOWN_STATE);
217 ret= -1; 215 ret = -1;
218 goto end; 216 goto end;
219 /* break; */ 217 /* break; */
220 } 218 }
221 219
222 if ((cb != NULL) && (s->state != state)) 220 if ((cb != NULL) && (s->state != state)) {
223 { 221 new_state = s->state;
224 new_state=s->state; 222 s->state = state;
225 s->state=state; 223 cb(s, SSL_CB_ACCEPT_LOOP, 1);
226 cb(s,SSL_CB_ACCEPT_LOOP,1); 224 s->state = new_state;
227 s->state=new_state;
228 }
229 } 225 }
226 }
230end: 227end:
231 s->in_handshake--; 228 s->in_handshake--;
232 if (cb != NULL) 229 if (cb != NULL)
233 cb(s,SSL_CB_ACCEPT_EXIT,ret); 230 cb(s, SSL_CB_ACCEPT_EXIT, ret);
234 return(ret); 231 return (ret);
235 } 232}
236 233
237 234
238int ssl23_get_client_hello(SSL *s) 235int
239 { 236ssl23_get_client_hello(SSL *s)
237{
240 char buf_space[11]; /* Request this many bytes in initial read. 238 char buf_space[11]; /* Request this many bytes in initial read.
241 * We can detect SSL 3.0/TLS 1.0 Client Hellos 239 * We can detect SSL 3.0/TLS 1.0 Client Hellos
242 * ('type == 3') correctly only when the following 240 * ('type == 3') correctly only when the following
243 * is in a single record, which is not guaranteed by 241 * is in a single record, which is not guaranteed by
244 * the protocol specification: 242 * the protocol specification:
245 * Byte Content 243 * Byte Content
246 * 0 type \ 244 * 0 type \
247 * 1/2 version > record header 245 * 1/2 version > record header
248 * 3/4 length / 246 * 3/4 length /
249 * 5 msg_type \ 247 * 5 msg_type \
250 * 6-8 length > Client Hello message 248 * 6-8 length > Client Hello message
251 * 9/10 client_version / 249 * 9/10 client_version /
252 */ 250 */
253 char *buf= &(buf_space[0]); 251 char *buf = &(buf_space[0]);
254 unsigned char *p,*d,*d_len,*dd; 252 unsigned char *p, *d, *d_len, *dd;
255 unsigned int i; 253 unsigned int i;
256 unsigned int csl,sil,cl; 254 unsigned int csl, sil, cl;
257 int n=0,j; 255 int n = 0, j;
258 int type=0; 256 int type = 0;
259 int v[2]; 257 int v[2];
260 258
261 if (s->state == SSL23_ST_SR_CLNT_HELLO_A) 259 if (s->state == SSL23_ST_SR_CLNT_HELLO_A) {
262 {
263 /* read the initial header */ 260 /* read the initial header */
264 v[0]=v[1]=0; 261 v[0] = v[1] = 0;
265 262
266 if (!ssl3_setup_buffers(s)) goto err; 263 if (!ssl3_setup_buffers(s))
264 goto err;
267 265
268 n=ssl23_read_bytes(s, sizeof buf_space); 266 n = ssl23_read_bytes(s, sizeof buf_space);
269 if (n != sizeof buf_space) return(n); /* n == -1 || n == 0 */ 267 if (n != sizeof buf_space)
268 return(n); /* n == -1 || n == 0 */
270 269
271 p=s->packet; 270 p = s->packet;
272 271
273 memcpy(buf,p,n); 272 memcpy(buf, p, n);
274 273
275 if ((p[0] & 0x80) && (p[2] == SSL2_MT_CLIENT_HELLO)) 274 if ((p[0] & 0x80) && (p[2] == SSL2_MT_CLIENT_HELLO)) {
276 {
277 /* 275 /*
278 * SSLv2 header 276 * SSLv2 header
279 */ 277 */
280 if ((p[3] == 0x00) && (p[4] == 0x02)) 278 if ((p[3] == 0x00) && (p[4] == 0x02)) {
281 { 279 v[0] = p[3];
282 v[0]=p[3]; v[1]=p[4]; 280 v[1] = p[4];
283 /* SSLv2 */ 281 /* SSLv2 */
284 if (!(s->options & SSL_OP_NO_SSLv2)) 282 if (!(s->options & SSL_OP_NO_SSLv2))
285 type=1; 283 type = 1;
286 } 284 } else if (p[3] == SSL3_VERSION_MAJOR) {
287 else if (p[3] == SSL3_VERSION_MAJOR) 285 v[0] = p[3];
288 { 286 v[1] = p[4];
289 v[0]=p[3]; v[1]=p[4];
290 /* SSLv3/TLSv1 */ 287 /* SSLv3/TLSv1 */
291 if (p[4] >= TLS1_VERSION_MINOR) 288 if (p[4] >= TLS1_VERSION_MINOR) {
292 {
293 if (p[4] >= TLS1_2_VERSION_MINOR && 289 if (p[4] >= TLS1_2_VERSION_MINOR &&
294 !(s->options & SSL_OP_NO_TLSv1_2)) 290 !(s->options & SSL_OP_NO_TLSv1_2)) {
295 { 291 s->version = TLS1_2_VERSION;
296 s->version=TLS1_2_VERSION; 292 s->state = SSL23_ST_SR_CLNT_HELLO_B;
297 s->state=SSL23_ST_SR_CLNT_HELLO_B; 293 } else if (p[4] >= TLS1_1_VERSION_MINOR &&
298 } 294 !(s->options & SSL_OP_NO_TLSv1_1)) {
299 else if (p[4] >= TLS1_1_VERSION_MINOR && 295 s->version = TLS1_1_VERSION;
300 !(s->options & SSL_OP_NO_TLSv1_1))
301 {
302 s->version=TLS1_1_VERSION;
303 /* type=2; */ /* done later to survive restarts */ 296 /* type=2; */ /* done later to survive restarts */
304 s->state=SSL23_ST_SR_CLNT_HELLO_B; 297 s->state = SSL23_ST_SR_CLNT_HELLO_B;
305 } 298 } else if (!(s->options & SSL_OP_NO_TLSv1)) {
306 else if (!(s->options & SSL_OP_NO_TLSv1)) 299 s->version = TLS1_VERSION;
307 {
308 s->version=TLS1_VERSION;
309 /* type=2; */ /* done later to survive restarts */ 300 /* type=2; */ /* done later to survive restarts */
310 s->state=SSL23_ST_SR_CLNT_HELLO_B; 301 s->state = SSL23_ST_SR_CLNT_HELLO_B;
311 } 302 } else if (!(s->options & SSL_OP_NO_SSLv3)) {
312 else if (!(s->options & SSL_OP_NO_SSLv3)) 303 s->version = SSL3_VERSION;
313 {
314 s->version=SSL3_VERSION;
315 /* type=2; */ 304 /* type=2; */
316 s->state=SSL23_ST_SR_CLNT_HELLO_B; 305 s->state = SSL23_ST_SR_CLNT_HELLO_B;
317 } 306 } else if (!(s->options & SSL_OP_NO_SSLv2)) {
318 else if (!(s->options & SSL_OP_NO_SSLv2)) 307 type = 1;
319 {
320 type=1;
321 }
322 } 308 }
323 else if (!(s->options & SSL_OP_NO_SSLv3)) 309 } else if (!(s->options & SSL_OP_NO_SSLv3)) {
324 { 310 s->version = SSL3_VERSION;
325 s->version=SSL3_VERSION;
326 /* type=2; */ 311 /* type=2; */
327 s->state=SSL23_ST_SR_CLNT_HELLO_B; 312 s->state = SSL23_ST_SR_CLNT_HELLO_B;
328 } 313 } else if (!(s->options & SSL_OP_NO_SSLv2))
329 else if (!(s->options & SSL_OP_NO_SSLv2)) 314 type = 1;
330 type=1;
331 315
332 }
333 } 316 }
334 else if ((p[0] == SSL3_RT_HANDSHAKE) && 317 } else if ((p[0] == SSL3_RT_HANDSHAKE) &&
335 (p[1] == SSL3_VERSION_MAJOR) && 318 (p[1] == SSL3_VERSION_MAJOR) &&
336 (p[5] == SSL3_MT_CLIENT_HELLO) && 319 (p[5] == SSL3_MT_CLIENT_HELLO) &&
337 ((p[3] == 0 && p[4] < 5 /* silly record length? */) 320 ((p[3] == 0 && p[4] < 5 /* silly record length? */)
338 || (p[9] >= p[1]))) 321 || (p[9] >= p[1]))) {
339 {
340 /* 322 /*
341 * SSLv3 or tls1 header 323 * SSLv3 or tls1 header
342 */ 324 */
343 325
344 v[0]=p[1]; /* major version (= SSL3_VERSION_MAJOR) */ 326 v[0] = p[1]; /* major version (= SSL3_VERSION_MAJOR) */
345 /* We must look at client_version inside the Client Hello message 327 /* We must look at client_version inside the Client Hello message
346 * to get the correct minor version. 328 * to get the correct minor version.
347 * However if we have only a pathologically small fragment of the 329 * However if we have only a pathologically small fragment of the
@@ -350,127 +332,108 @@ int ssl23_get_client_hello(SSL *s)
350 * No known SSL 3.0 client fragments ClientHello like this, 332 * No known SSL 3.0 client fragments ClientHello like this,
351 * so we simply assume TLS 1.0 to avoid protocol version downgrade 333 * so we simply assume TLS 1.0 to avoid protocol version downgrade
352 * attacks. */ 334 * attacks. */
353 if (p[3] == 0 && p[4] < 6) 335 if (p[3] == 0 && p[4] < 6) {
354 {
355#if 0 336#if 0
356 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_SMALL); 337 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_RECORD_TOO_SMALL);
357 goto err; 338 goto err;
358#else 339#else
359 v[1] = TLS1_VERSION_MINOR; 340 v[1] = TLS1_VERSION_MINOR;
360#endif 341#endif
361 } 342 }
362 /* if major version number > 3 set minor to a value 343 /* if major version number > 3 set minor to a value
363 * which will use the highest version 3 we support. 344 * which will use the highest version 3 we support.
364 * If TLS 2.0 ever appears we will need to revise 345 * If TLS 2.0 ever appears we will need to revise
365 * this.... 346 * this....
366 */ 347 */
367 else if (p[9] > SSL3_VERSION_MAJOR) 348 else if (p[9] > SSL3_VERSION_MAJOR)
368 v[1]=0xff; 349 v[1] = 0xff;
369 else 350 else
370 v[1]=p[10]; /* minor version according to client_version */ 351 v[1] = p[10]; /* minor version according to client_version */
371 if (v[1] >= TLS1_VERSION_MINOR) 352 if (v[1] >= TLS1_VERSION_MINOR) {
372 {
373 if (v[1] >= TLS1_2_VERSION_MINOR && 353 if (v[1] >= TLS1_2_VERSION_MINOR &&
374 !(s->options & SSL_OP_NO_TLSv1_2)) 354 !(s->options & SSL_OP_NO_TLSv1_2)) {
375 { 355 s->version = TLS1_2_VERSION;
376 s->version=TLS1_2_VERSION; 356 type = 3;
377 type=3; 357 } else if (v[1] >= TLS1_1_VERSION_MINOR &&
378 } 358 !(s->options & SSL_OP_NO_TLSv1_1)) {
379 else if (v[1] >= TLS1_1_VERSION_MINOR && 359 s->version = TLS1_1_VERSION;
380 !(s->options & SSL_OP_NO_TLSv1_1)) 360 type = 3;
381 { 361 } else if (!(s->options & SSL_OP_NO_TLSv1)) {
382 s->version=TLS1_1_VERSION; 362 s->version = TLS1_VERSION;
383 type=3; 363 type = 3;
384 } 364 } else if (!(s->options & SSL_OP_NO_SSLv3)) {
385 else if (!(s->options & SSL_OP_NO_TLSv1)) 365 s->version = SSL3_VERSION;
386 { 366 type = 3;
387 s->version=TLS1_VERSION;
388 type=3;
389 }
390 else if (!(s->options & SSL_OP_NO_SSLv3))
391 {
392 s->version=SSL3_VERSION;
393 type=3;
394 }
395 } 367 }
396 else 368 } else {
397 {
398 /* client requests SSL 3.0 */ 369 /* client requests SSL 3.0 */
399 if (!(s->options & SSL_OP_NO_SSLv3)) 370 if (!(s->options & SSL_OP_NO_SSLv3)) {
400 { 371 s->version = SSL3_VERSION;
401 s->version=SSL3_VERSION; 372 type = 3;
402 type=3; 373 } else if (!(s->options & SSL_OP_NO_TLSv1)) {
403 }
404 else if (!(s->options & SSL_OP_NO_TLSv1))
405 {
406 /* we won't be able to use TLS of course, 374 /* we won't be able to use TLS of course,
407 * but this will send an appropriate alert */ 375 * but this will send an appropriate alert */
408 s->version=TLS1_VERSION; 376 s->version = TLS1_VERSION;
409 type=3; 377 type = 3;
410 }
411 } 378 }
412 } 379 }
413 else if ((strncmp("GET ", (char *)p,4) == 0) || 380 }
414 (strncmp("POST ",(char *)p,5) == 0) || 381 else if ((strncmp("GET ", (char *)p, 4) == 0) ||
415 (strncmp("HEAD ",(char *)p,5) == 0) || 382 (strncmp("POST ",(char *)p, 5) == 0) ||
416 (strncmp("PUT ", (char *)p,4) == 0)) 383 (strncmp("HEAD ",(char *)p, 5) == 0) ||
417 { 384 (strncmp("PUT ", (char *)p, 4) == 0)) {
418 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTP_REQUEST); 385 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_HTTP_REQUEST);
419 goto err; 386 goto err;
420 } 387 } else if (strncmp("CONNECT", (char *)p, 7) == 0) {
421 else if (strncmp("CONNECT",(char *)p,7) == 0) 388 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_HTTPS_PROXY_REQUEST);
422 {
423 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTPS_PROXY_REQUEST);
424 goto err; 389 goto err;
425 }
426 } 390 }
391 }
427 392
428#ifdef OPENSSL_FIPS 393#ifdef OPENSSL_FIPS
429 if (FIPS_mode() && (s->version < TLS1_VERSION)) 394 if (FIPS_mode() && (s->version < TLS1_VERSION)) {
430 {
431 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, 395 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,
432 SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); 396 SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
433 goto err; 397 goto err;
434 } 398 }
435#endif 399#endif
436 400
437 if (s->state == SSL23_ST_SR_CLNT_HELLO_B) 401 if (s->state == SSL23_ST_SR_CLNT_HELLO_B) {
438 {
439 /* we have SSLv3/TLSv1 in an SSLv2 header 402 /* we have SSLv3/TLSv1 in an SSLv2 header
440 * (other cases skip this state) */ 403 * (other cases skip this state) */
441 404
442 type=2; 405 type = 2;
443 p=s->packet; 406 p = s->packet;
444 v[0] = p[3]; /* == SSL3_VERSION_MAJOR */ 407 v[0] = p[3]; /* == SSL3_VERSION_MAJOR */
445 v[1] = p[4]; 408 v[1] = p[4];
446 409
447 n=((p[0]&0x7f)<<8)|p[1]; 410 n = ((p[0] & 0x7f) << 8) | p[1];
448 if (n > (1024*4)) 411 if (n > (1024 * 4)) {
449 { 412 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_RECORD_TOO_LARGE);
450 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_LARGE);
451 goto err; 413 goto err;
452 } 414 }
453 415
454 j=ssl23_read_bytes(s,n+2); 416 j = ssl23_read_bytes(s, n + 2);
455 if (j <= 0) return(j); 417 if (j <= 0)
418 return (j);
456 419
457 ssl3_finish_mac(s, s->packet+2, s->packet_length-2); 420 ssl3_finish_mac(s, s->packet + 2, s->packet_length - 2);
458 if (s->msg_callback) 421 if (s->msg_callback)
459 s->msg_callback(0, SSL2_VERSION, 0, s->packet+2, s->packet_length-2, s, s->msg_callback_arg); /* CLIENT-HELLO */ 422 s->msg_callback(0, SSL2_VERSION, 0, s->packet + 2, s->packet_length-2, s, s->msg_callback_arg); /* CLIENT-HELLO */
460 423
461 p=s->packet; 424 p = s->packet;
462 p+=5; 425 p += 5;
463 n2s(p,csl); 426 n2s(p, csl);
464 n2s(p,sil); 427 n2s(p, sil);
465 n2s(p,cl); 428 n2s(p, cl);
466 d=(unsigned char *)s->init_buf->data; 429 d = (unsigned char *)s->init_buf->data;
467 if ((csl+sil+cl+11) != s->packet_length) /* We can't have TLS extensions in SSL 2.0 format 430 if ((csl + sil + cl + 11) != s->packet_length) /* We can't have TLS extensions in SSL 2.0 format
468 * Client Hello, can we? Error condition should be 431 * Client Hello, can we ? Error condition should be
469 * '>' otherweise */ 432 * '>' otherweise */
470 { 433 {
471 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_LENGTH_MISMATCH); 434 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_RECORD_LENGTH_MISMATCH);
472 goto err; 435 goto err;
473 } 436 }
474 437
475 /* record header: msg_type ... */ 438 /* record header: msg_type ... */
476 *(d++) = SSL3_MT_CLIENT_HELLO; 439 *(d++) = SSL3_MT_CLIENT_HELLO;
@@ -484,130 +447,122 @@ int ssl23_get_client_hello(SSL *s)
484 447
485 /* lets populate the random area */ 448 /* lets populate the random area */
486 /* get the challenge_length */ 449 /* get the challenge_length */
487 i=(cl > SSL3_RANDOM_SIZE)?SSL3_RANDOM_SIZE:cl; 450 i = (cl > SSL3_RANDOM_SIZE) ? SSL3_RANDOM_SIZE : cl;
488 memset(d,0,SSL3_RANDOM_SIZE); 451 memset(d, 0, SSL3_RANDOM_SIZE);
489 memcpy(&(d[SSL3_RANDOM_SIZE-i]),&(p[csl+sil]),i); 452 memcpy(&(d[SSL3_RANDOM_SIZE - i]), &(p[csl + sil]), i);
490 d+=SSL3_RANDOM_SIZE; 453 d += SSL3_RANDOM_SIZE;
491 454
492 /* no session-id reuse */ 455 /* no session-id reuse */
493 *(d++)=0; 456 *(d++) = 0;
494 457
495 /* ciphers */ 458 /* ciphers */
496 j=0; 459 j = 0;
497 dd=d; 460 dd = d;
498 d+=2; 461 d += 2;
499 for (i=0; i<csl; i+=3) 462 for (i = 0; i < csl; i += 3) {
500 { 463 if (p[i] != 0)
501 if (p[i] != 0) continue; 464 continue;
502 *(d++)=p[i+1]; 465 *(d++) = p[i + 1];
503 *(d++)=p[i+2]; 466 *(d++) = p[i + 2];
504 j+=2; 467 j += 2;
505 } 468 }
506 s2n(j,dd); 469 s2n(j, dd);
507 470
508 /* COMPRESSION */ 471 /* COMPRESSION */
509 *(d++)=1; 472 *(d++) = 1;
510 *(d++)=0; 473 *(d++) = 0;
511 474
512#if 0 475#if 0
513 /* copy any remaining data with may be extensions */ 476 /* copy any remaining data with may be extensions */
514 p = p+csl+sil+cl; 477 p = p + csl + sil + cl;
515 while (p < s->packet+s->packet_length) 478 while (p < s->packet + s->packet_length) {
516 {
517 *(d++)=*(p++); 479 *(d++)=*(p++);
518 } 480 }
519#endif 481#endif
520 482
521 i = (d-(unsigned char *)s->init_buf->data) - 4; 483 i = (d - (unsigned char *)s->init_buf->data) - 4;
522 l2n3((long)i, d_len); 484 l2n3((long)i, d_len);
523 485
524 /* get the data reused from the init_buf */ 486 /* get the data reused from the init_buf */
525 s->s3->tmp.reuse_message=1; 487 s->s3->tmp.reuse_message = 1;
526 s->s3->tmp.message_type=SSL3_MT_CLIENT_HELLO; 488 s->s3->tmp.message_type = SSL3_MT_CLIENT_HELLO;
527 s->s3->tmp.message_size=i; 489 s->s3->tmp.message_size = i;
528 } 490 }
529 491
530 /* imaginary new state (for program structure): */ 492 /* imaginary new state (for program structure): */
531 /* s->state = SSL23_SR_CLNT_HELLO_C */ 493 /* s->state = SSL23_SR_CLNT_HELLO_C */
532 494
533 if (type == 1) 495 if (type == 1) {
534 {
535#ifdef OPENSSL_NO_SSL2 496#ifdef OPENSSL_NO_SSL2
536 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL); 497 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_UNSUPPORTED_PROTOCOL);
537 goto err; 498 goto err;
538#else 499#else
539 /* we are talking sslv2 */ 500 /* we are talking sslv2 */
540 /* we need to clean up the SSLv3/TLSv1 setup and put in the 501 /* we need to clean up the SSLv3/TLSv1 setup and put in the
541 * sslv2 stuff. */ 502 * sslv2 stuff. */
542 503
543 if (s->s2 == NULL) 504 if (s->s2 == NULL) {
544 {
545 if (!ssl2_new(s)) 505 if (!ssl2_new(s))
546 goto err; 506 goto err;
547 } 507 } else
548 else
549 ssl2_clear(s); 508 ssl2_clear(s);
550 509
551 if (s->s3 != NULL) ssl3_free(s); 510 if (s->s3 != NULL)
511 ssl3_free(s);
552 512
553 if (!BUF_MEM_grow_clean(s->init_buf, 513 if (!BUF_MEM_grow_clean(s->init_buf,
554 SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)) 514 SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)) {
555 {
556 goto err; 515 goto err;
557 } 516 }
558 517
559 s->state=SSL2_ST_GET_CLIENT_HELLO_A; 518 s->state = SSL2_ST_GET_CLIENT_HELLO_A;
560 if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3) 519 if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)
561 s->s2->ssl2_rollback=0; 520 s->s2->ssl2_rollback = 0;
562 else 521 else
563 /* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0 522 /* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0
564 * (SSL 3.0 draft/RFC 2246, App. E.2) */ 523 * (SSL 3.0 draft/RFC 2246, App. E.2) */
565 s->s2->ssl2_rollback=1; 524 s->s2->ssl2_rollback = 1;
566 525
567 /* setup the n bytes we have read so we get them from 526 /* setup the n bytes we have read so we get them from
568 * the sslv2 buffer */ 527 * the sslv2 buffer */
569 s->rstate=SSL_ST_READ_HEADER; 528 s->rstate = SSL_ST_READ_HEADER;
570 s->packet_length=n; 529 s->packet_length = n;
571 s->packet= &(s->s2->rbuf[0]); 530 s->packet = &(s->s2->rbuf[0]);
572 memcpy(s->packet,buf,n); 531 memcpy(s->packet, buf, n);
573 s->s2->rbuf_left=n; 532 s->s2->rbuf_left = n;
574 s->s2->rbuf_offs=0; 533 s->s2->rbuf_offs = 0;
575 534
576 s->method=SSLv2_server_method(); 535 s->method = SSLv2_server_method();
577 s->handshake_func=s->method->ssl_accept; 536 s->handshake_func = s->method->ssl_accept;
578#endif 537#endif
579 } 538 }
580 539
581 if ((type == 2) || (type == 3)) 540 if ((type == 2) || (type == 3)) {
582 {
583 /* we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style) */ 541 /* we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style) */
584 542
585 if (!ssl_init_wbio_buffer(s,1)) goto err; 543 if (!ssl_init_wbio_buffer(s, 1)) goto err;
586 544
587 /* we are in this state */ 545 /* we are in this state */
588 s->state=SSL3_ST_SR_CLNT_HELLO_A; 546 s->state = SSL3_ST_SR_CLNT_HELLO_A;
589 547
590 if (type == 3) 548 if (type == 3) {
591 {
592 /* put the 'n' bytes we have read into the input buffer 549 /* put the 'n' bytes we have read into the input buffer
593 * for SSLv3 */ 550 * for SSLv3 */
594 s->rstate=SSL_ST_READ_HEADER; 551 s->rstate = SSL_ST_READ_HEADER;
595 s->packet_length=n; 552 s->packet_length = n;
596 if (s->s3->rbuf.buf == NULL) 553 if (s->s3->rbuf.buf == NULL)
597 if (!ssl3_setup_read_buffer(s)) 554 if (!ssl3_setup_read_buffer(s))
598 goto err; 555 goto err;
599 556
600 s->packet= &(s->s3->rbuf.buf[0]); 557 s->packet = &(s->s3->rbuf.buf[0]);
601 memcpy(s->packet,buf,n); 558 memcpy(s->packet, buf, n);
602 s->s3->rbuf.left=n; 559 s->s3->rbuf.left = n;
603 s->s3->rbuf.offset=0; 560 s->s3->rbuf.offset = 0;
604 } 561 } else {
605 else 562 s->packet_length = 0;
606 { 563 s->s3->rbuf.left = 0;
607 s->packet_length=0; 564 s->s3->rbuf.offset = 0;
608 s->s3->rbuf.left=0; 565 }
609 s->s3->rbuf.offset=0;
610 }
611 if (s->version == TLS1_2_VERSION) 566 if (s->version == TLS1_2_VERSION)
612 s->method = TLSv1_2_server_method(); 567 s->method = TLSv1_2_server_method();
613 else if (s->version == TLS1_1_VERSION) 568 else if (s->version == TLS1_1_VERSION)
@@ -617,22 +572,23 @@ int ssl23_get_client_hello(SSL *s)
617 else 572 else
618 s->method = SSLv3_server_method(); 573 s->method = SSLv3_server_method();
619#if 0 /* ssl3_get_client_hello does this */ 574#if 0 /* ssl3_get_client_hello does this */
620 s->client_version=(v[0]<<8)|v[1]; 575 s->client_version = (v[0]<<8)|v[1];
621#endif 576#endif
622 s->handshake_func=s->method->ssl_accept; 577 s->handshake_func = s->method->ssl_accept;
623 } 578 }
624 579
625 if ((type < 1) || (type > 3)) 580 if ((type < 1) || (type > 3)) {
626 {
627 /* bad, very bad */ 581 /* bad, very bad */
628 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNKNOWN_PROTOCOL); 582 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_UNKNOWN_PROTOCOL);
629 goto err; 583 goto err;
630 } 584 }
631 s->init_num=0; 585 s->init_num = 0;
632 586
633 if (buf != buf_space) OPENSSL_free(buf); 587 if (buf != buf_space)
634 return(SSL_accept(s)); 588 OPENSSL_free(buf);
589 return (SSL_accept(s));
635err: 590err:
636 if (buf != buf_space) OPENSSL_free(buf); 591 if (buf != buf_space)
637 return(-1); 592 OPENSSL_free(buf);
638 } 593 return (-1);
594}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 08:44:50 +0000