diff options
| author | beck <> | 2002-05-15 02:29:21 +0000 |
|---|---|---|
| committer | beck <> | 2002-05-15 02:29:21 +0000 |
| commit | b64270d1e45fe7f3241e4c9b6ce60d5ac89bc2e9 (patch) | |
| tree | fa27cf82a1250b64ed3bf5f4a18c7354d470bbcc /src/lib/libssl/s23_srvr.c | |
| parent | e471e1ea98d673597b182ea85f29e30c97cd08b5 (diff) | |
| download | openbsd-b64270d1e45fe7f3241e4c9b6ce60d5ac89bc2e9.tar.gz openbsd-b64270d1e45fe7f3241e4c9b6ce60d5ac89bc2e9.tar.bz2 openbsd-b64270d1e45fe7f3241e4c9b6ce60d5ac89bc2e9.zip | |
OpenSSL 0.9.7 stable 2002 05 08 merge
Diffstat (limited to 'src/lib/libssl/s23_srvr.c')
| -rw-r--r-- | src/lib/libssl/s23_srvr.c | 181 |
1 files changed, 97 insertions, 84 deletions
diff --git a/src/lib/libssl/s23_srvr.c b/src/lib/libssl/s23_srvr.c index 050618235f..9e89cc7f9a 100644 --- a/src/lib/libssl/s23_srvr.c +++ b/src/lib/libssl/s23_srvr.c | |||
| @@ -55,6 +55,59 @@ | |||
| 55 | * copied and put under another distribution licence | 55 | * copied and put under another distribution licence |
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | /* ==================================================================== | ||
| 59 | * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. | ||
| 60 | * | ||
| 61 | * Redistribution and use in source and binary forms, with or without | ||
| 62 | * modification, are permitted provided that the following conditions | ||
| 63 | * are met: | ||
| 64 | * | ||
| 65 | * 1. Redistributions of source code must retain the above copyright | ||
| 66 | * notice, this list of conditions and the following disclaimer. | ||
| 67 | * | ||
| 68 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 69 | * notice, this list of conditions and the following disclaimer in | ||
| 70 | * the documentation and/or other materials provided with the | ||
| 71 | * distribution. | ||
| 72 | * | ||
| 73 | * 3. All advertising materials mentioning features or use of this | ||
| 74 | * software must display the following acknowledgment: | ||
| 75 | * "This product includes software developed by the OpenSSL Project | ||
| 76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
| 77 | * | ||
| 78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 79 | * endorse or promote products derived from this software without | ||
| 80 | * prior written permission. For written permission, please contact | ||
| 81 | * openssl-core@openssl.org. | ||
| 82 | * | ||
| 83 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 84 | * nor may "OpenSSL" appear in their names without prior written | ||
| 85 | * permission of the OpenSSL Project. | ||
| 86 | * | ||
| 87 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 88 | * acknowledgment: | ||
| 89 | * "This product includes software developed by the OpenSSL Project | ||
| 90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
| 91 | * | ||
| 92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 104 | * ==================================================================== | ||
| 105 | * | ||
| 106 | * This product includes cryptographic software written by Eric Young | ||
| 107 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 108 | * Hudson (tjh@cryptsoft.com). | ||
| 109 | * | ||
| 110 | */ | ||
| 58 | 111 | ||
| 59 | #include <stdio.h> | 112 | #include <stdio.h> |
| 60 | #include <openssl/buffer.h> | 113 | #include <openssl/buffer.h> |
| @@ -67,7 +120,7 @@ static SSL_METHOD *ssl23_get_server_method(int ver); | |||
| 67 | int ssl23_get_client_hello(SSL *s); | 120 | int ssl23_get_client_hello(SSL *s); |
| 68 | static SSL_METHOD *ssl23_get_server_method(int ver) | 121 | static SSL_METHOD *ssl23_get_server_method(int ver) |
| 69 | { | 122 | { |
| 70 | #ifndef NO_SSL2 | 123 | #ifndef OPENSSL_NO_SSL2 |
| 71 | if (ver == SSL2_VERSION) | 124 | if (ver == SSL2_VERSION) |
| 72 | return(SSLv2_server_method()); | 125 | return(SSLv2_server_method()); |
| 73 | #endif | 126 | #endif |
| @@ -99,7 +152,7 @@ int ssl23_accept(SSL *s) | |||
| 99 | { | 152 | { |
| 100 | BUF_MEM *buf; | 153 | BUF_MEM *buf; |
| 101 | unsigned long Time=time(NULL); | 154 | unsigned long Time=time(NULL); |
| 102 | void (*cb)()=NULL; | 155 | void (*cb)(const SSL *ssl,int type,int val)=NULL; |
| 103 | int ret= -1; | 156 | int ret= -1; |
| 104 | int new_state,state; | 157 | int new_state,state; |
| 105 | 158 | ||
| @@ -112,8 +165,8 @@ int ssl23_accept(SSL *s) | |||
| 112 | else if (s->ctx->info_callback != NULL) | 165 | else if (s->ctx->info_callback != NULL) |
| 113 | cb=s->ctx->info_callback; | 166 | cb=s->ctx->info_callback; |
| 114 | 167 | ||
| 115 | if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); | ||
| 116 | s->in_handshake++; | 168 | s->in_handshake++; |
| 169 | if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); | ||
| 117 | 170 | ||
| 118 | for (;;) | 171 | for (;;) |
| 119 | { | 172 | { |
| @@ -179,9 +232,9 @@ int ssl23_accept(SSL *s) | |||
| 179 | } | 232 | } |
| 180 | } | 233 | } |
| 181 | end: | 234 | end: |
| 235 | s->in_handshake--; | ||
| 182 | if (cb != NULL) | 236 | if (cb != NULL) |
| 183 | cb(s,SSL_CB_ACCEPT_EXIT,ret); | 237 | cb(s,SSL_CB_ACCEPT_EXIT,ret); |
| 184 | s->in_handshake--; | ||
| 185 | return(ret); | 238 | return(ret); |
| 186 | } | 239 | } |
| 187 | 240 | ||
| @@ -202,13 +255,13 @@ int ssl23_get_client_hello(SSL *s) | |||
| 202 | * 9/10 client_version / | 255 | * 9/10 client_version / |
| 203 | */ | 256 | */ |
| 204 | char *buf= &(buf_space[0]); | 257 | char *buf= &(buf_space[0]); |
| 205 | unsigned char *p,*d,*dd; | 258 | unsigned char *p,*d,*d_len,*dd; |
| 206 | unsigned int i; | 259 | unsigned int i; |
| 207 | unsigned int csl,sil,cl; | 260 | unsigned int csl,sil,cl; |
| 208 | int n=0,j; | 261 | int n=0,j; |
| 209 | int type=0; | 262 | int type=0; |
| 210 | int v[2]; | 263 | int v[2]; |
| 211 | #ifndef NO_RSA | 264 | #ifndef OPENSSL_NO_RSA |
| 212 | int use_sslv2_strong=0; | 265 | int use_sslv2_strong=0; |
| 213 | #endif | 266 | #endif |
| 214 | 267 | ||
| @@ -270,72 +323,6 @@ int ssl23_get_client_hello(SSL *s) | |||
| 270 | else if (!(s->options & SSL_OP_NO_SSLv2)) | 323 | else if (!(s->options & SSL_OP_NO_SSLv2)) |
| 271 | type=1; | 324 | type=1; |
| 272 | 325 | ||
| 273 | if (s->options & SSL_OP_NON_EXPORT_FIRST) | ||
| 274 | /* Not only utterly confusing, but broken | ||
| 275 | * ('fractured programming'?) -- the details | ||
| 276 | * of this block nearly make it work | ||
| 277 | * as intended in this environment, but on one | ||
| 278 | * of the fine points (w.r.t. restarts) it fails. | ||
| 279 | * The obvious fix would be even more devastating | ||
| 280 | * to program structure; if you want the functionality, | ||
| 281 | * throw this away and implement it in a way | ||
| 282 | * that makes sense */ | ||
| 283 | { | ||
| 284 | #if 0 | ||
| 285 | STACK_OF(SSL_CIPHER) *sk; | ||
| 286 | SSL_CIPHER *c; | ||
| 287 | int ne2,ne3; | ||
| 288 | |||
| 289 | j=((p[0]&0x7f)<<8)|p[1]; | ||
| 290 | if (j > (1024*4)) | ||
| 291 | { | ||
| 292 | SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_LARGE); | ||
| 293 | goto err; | ||
| 294 | } | ||
| 295 | |||
| 296 | n=ssl23_read_bytes(s,j+2); | ||
| 297 | if (n <= 0) return(n); | ||
| 298 | p=s->packet; | ||
| 299 | |||
| 300 | if ((buf=OPENSSL_malloc(n)) == NULL) | ||
| 301 | { | ||
| 302 | SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,ERR_R_MALLOC_FAILURE); | ||
| 303 | goto err; | ||
| 304 | } | ||
| 305 | memcpy(buf,p,n); | ||
| 306 | |||
| 307 | p+=5; | ||
| 308 | n2s(p,csl); | ||
| 309 | p+=4; | ||
| 310 | |||
| 311 | sk=ssl_bytes_to_cipher_list( | ||
| 312 | s,p,csl,NULL); | ||
| 313 | if (sk != NULL) | ||
| 314 | { | ||
| 315 | ne2=ne3=0; | ||
| 316 | for (j=0; j<sk_SSL_CIPHER_num(sk); j++) | ||
| 317 | { | ||
| 318 | c=sk_SSL_CIPHER_value(sk,j); | ||
| 319 | if (!SSL_C_IS_EXPORT(c)) | ||
| 320 | { | ||
| 321 | if ((c->id>>24L) == 2L) | ||
| 322 | ne2=1; | ||
| 323 | else | ||
| 324 | ne3=1; | ||
| 325 | } | ||
| 326 | } | ||
| 327 | if (ne2 && !ne3) | ||
| 328 | { | ||
| 329 | type=1; | ||
| 330 | use_sslv2_strong=1; | ||
| 331 | goto next_bit; | ||
| 332 | } | ||
| 333 | } | ||
| 334 | #else | ||
| 335 | SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_OPTION); | ||
| 336 | goto err; | ||
| 337 | #endif | ||
| 338 | } | ||
| 339 | } | 326 | } |
| 340 | } | 327 | } |
| 341 | else if ((p[0] == SSL3_RT_HANDSHAKE) && | 328 | else if ((p[0] == SSL3_RT_HANDSHAKE) && |
| @@ -352,17 +339,22 @@ int ssl23_get_client_hello(SSL *s) | |||
| 352 | /* We must look at client_version inside the Client Hello message | 339 | /* We must look at client_version inside the Client Hello message |
| 353 | * to get the correct minor version. | 340 | * to get the correct minor version. |
| 354 | * However if we have only a pathologically small fragment of the | 341 | * However if we have only a pathologically small fragment of the |
| 355 | * Client Hello message, this would be difficult, we'd have | 342 | * Client Hello message, this would be difficult, and we'd have |
| 356 | * to read at least one additional record to find out. | 343 | * to read more records to find out. |
| 357 | * This doesn't usually happen in real life, so we just complain | 344 | * No known SSL 3.0 client fragments ClientHello like this, |
| 358 | * for now. | 345 | * so we simply assume TLS 1.0 to avoid protocol version downgrade |
| 359 | */ | 346 | * attacks. */ |
| 360 | if (p[3] == 0 && p[4] < 6) | 347 | if (p[3] == 0 && p[4] < 6) |
| 361 | { | 348 | { |
| 349 | #if 0 | ||
| 362 | SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_SMALL); | 350 | SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_SMALL); |
| 363 | goto err; | 351 | goto err; |
| 352 | #else | ||
| 353 | v[1] = TLS1_VERSION_MINOR; | ||
| 354 | #endif | ||
| 364 | } | 355 | } |
| 365 | v[1]=p[10]; /* minor version according to client_version */ | 356 | else |
| 357 | v[1]=p[10]; /* minor version according to client_version */ | ||
| 366 | if (v[1] >= TLS1_VERSION_MINOR) | 358 | if (v[1] >= TLS1_VERSION_MINOR) |
| 367 | { | 359 | { |
| 368 | if (!(s->options & SSL_OP_NO_TLSv1)) | 360 | if (!(s->options & SSL_OP_NO_TLSv1)) |
| @@ -376,10 +368,21 @@ int ssl23_get_client_hello(SSL *s) | |||
| 376 | type=3; | 368 | type=3; |
| 377 | } | 369 | } |
| 378 | } | 370 | } |
| 379 | else if (!(s->options & SSL_OP_NO_SSLv3)) | 371 | else |
| 380 | { | 372 | { |
| 381 | s->version=SSL3_VERSION; | 373 | /* client requests SSL 3.0 */ |
| 382 | type=3; | 374 | if (!(s->options & SSL_OP_NO_SSLv3)) |
| 375 | { | ||
| 376 | s->version=SSL3_VERSION; | ||
| 377 | type=3; | ||
| 378 | } | ||
| 379 | else if (!(s->options & SSL_OP_NO_TLSv1)) | ||
| 380 | { | ||
| 381 | /* we won't be able to use TLS of course, | ||
| 382 | * but this will send an appropriate alert */ | ||
| 383 | s->version=TLS1_VERSION; | ||
| 384 | type=3; | ||
| 385 | } | ||
| 383 | } | 386 | } |
| 384 | } | 387 | } |
| 385 | else if ((strncmp("GET ", (char *)p,4) == 0) || | 388 | else if ((strncmp("GET ", (char *)p,4) == 0) || |
| @@ -417,7 +420,9 @@ int ssl23_get_client_hello(SSL *s) | |||
| 417 | j=ssl23_read_bytes(s,n+2); | 420 | j=ssl23_read_bytes(s,n+2); |
| 418 | if (j <= 0) return(j); | 421 | if (j <= 0) return(j); |
| 419 | 422 | ||
| 420 | ssl3_finish_mac(s,&(s->packet[2]),s->packet_length-2); | 423 | ssl3_finish_mac(s, s->packet+2, s->packet_length-2); |
| 424 | if (s->msg_callback) | ||
| 425 | s->msg_callback(0, SSL2_VERSION, 0, s->packet+2, s->packet_length-2, s, s->msg_callback_arg); /* CLIENT-HELLO */ | ||
| 421 | 426 | ||
| 422 | p=s->packet; | 427 | p=s->packet; |
| 423 | p+=5; | 428 | p+=5; |
| @@ -431,6 +436,13 @@ int ssl23_get_client_hello(SSL *s) | |||
| 431 | goto err; | 436 | goto err; |
| 432 | } | 437 | } |
| 433 | 438 | ||
| 439 | /* record header: msg_type ... */ | ||
| 440 | *(d++) = SSL3_MT_CLIENT_HELLO; | ||
| 441 | /* ... and length (actual value will be written later) */ | ||
| 442 | d_len = d; | ||
| 443 | d += 3; | ||
| 444 | |||
| 445 | /* client_version */ | ||
| 434 | *(d++) = SSL3_VERSION_MAJOR; /* == v[0] */ | 446 | *(d++) = SSL3_VERSION_MAJOR; /* == v[0] */ |
| 435 | *(d++) = v[1]; | 447 | *(d++) = v[1]; |
| 436 | 448 | ||
| @@ -461,7 +473,8 @@ int ssl23_get_client_hello(SSL *s) | |||
| 461 | *(d++)=1; | 473 | *(d++)=1; |
| 462 | *(d++)=0; | 474 | *(d++)=0; |
| 463 | 475 | ||
| 464 | i=(d-(unsigned char *)s->init_buf->data); | 476 | i = (d-(unsigned char *)s->init_buf->data) - 4; |
| 477 | l2n3((long)i, d_len); | ||
| 465 | 478 | ||
| 466 | /* get the data reused from the init_buf */ | 479 | /* get the data reused from the init_buf */ |
| 467 | s->s3->tmp.reuse_message=1; | 480 | s->s3->tmp.reuse_message=1; |
| @@ -474,7 +487,7 @@ int ssl23_get_client_hello(SSL *s) | |||
| 474 | 487 | ||
| 475 | if (type == 1) | 488 | if (type == 1) |
| 476 | { | 489 | { |
| 477 | #ifdef NO_SSL2 | 490 | #ifdef OPENSSL_NO_SSL2 |
| 478 | SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL); | 491 | SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL); |
| 479 | goto err; | 492 | goto err; |
| 480 | #else | 493 | #else |