summaryrefslogtreecommitdiff
path: root/src/lib/libssl/s23_clnt.c
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libssl/s23_clnt.c86
1 files changed, 50 insertions, 36 deletions
diff --git a/src/lib/libssl/s23_clnt.c b/src/lib/libssl/s23_clnt.c
index a4661ebb68..b2be8340fb 100644
--- a/src/lib/libssl/s23_clnt.c
+++ b/src/lib/libssl/s23_clnt.c
@@ -57,28 +57,22 @@
57 */ 57 */
58 58
59#include <stdio.h> 59#include <stdio.h>
60#include "buffer.h" 60#include <openssl/buffer.h>
61#include "rand.h" 61#include <openssl/rand.h>
62#include "objects.h" 62#include <openssl/objects.h>
63#include "evp.h" 63#include <openssl/evp.h>
64#include "ssl_locl.h" 64#include "ssl_locl.h"
65 65
66#define BREAK break 66static SSL_METHOD *ssl23_get_client_method(int ver);
67
68#ifndef NOPROTO
69static int ssl23_client_hello(SSL *s); 67static int ssl23_client_hello(SSL *s);
70static int ssl23_get_server_hello(SSL *s); 68static int ssl23_get_server_hello(SSL *s);
71#else 69static SSL_METHOD *ssl23_get_client_method(int ver)
72static int ssl23_client_hello();
73static int ssl23_get_server_hello();
74#endif
75
76static SSL_METHOD *ssl23_get_client_method(ver)
77int ver;
78 { 70 {
71#ifndef OPENSSL_NO_SSL2
79 if (ver == SSL2_VERSION) 72 if (ver == SSL2_VERSION)
80 return(SSLv2_client_method()); 73 return(SSLv2_client_method());
81 else if (ver == SSL3_VERSION) 74#endif
75 if (ver == SSL3_VERSION)
82 return(SSLv3_client_method()); 76 return(SSLv3_client_method());
83 else if (ver == TLS1_VERSION) 77 else if (ver == TLS1_VERSION)
84 return(TLSv1_client_method()); 78 return(TLSv1_client_method());
@@ -86,32 +80,31 @@ int ver;
86 return(NULL); 80 return(NULL);
87 } 81 }
88 82
89SSL_METHOD *SSLv23_client_method() 83SSL_METHOD *SSLv23_client_method(void)
90 { 84 {
91 static int init=1; 85 static int init=1;
92 static SSL_METHOD SSLv23_client_data; 86 static SSL_METHOD SSLv23_client_data;
93 87
94 if (init) 88 if (init)
95 { 89 {
96 init=0;
97 memcpy((char *)&SSLv23_client_data, 90 memcpy((char *)&SSLv23_client_data,
98 (char *)sslv23_base_method(),sizeof(SSL_METHOD)); 91 (char *)sslv23_base_method(),sizeof(SSL_METHOD));
99 SSLv23_client_data.ssl_connect=ssl23_connect; 92 SSLv23_client_data.ssl_connect=ssl23_connect;
100 SSLv23_client_data.get_ssl_method=ssl23_get_client_method; 93 SSLv23_client_data.get_ssl_method=ssl23_get_client_method;
94 init=0;
101 } 95 }
102 return(&SSLv23_client_data); 96 return(&SSLv23_client_data);
103 } 97 }
104 98
105int ssl23_connect(s) 99int ssl23_connect(SSL *s)
106SSL *s;
107 { 100 {
108 BUF_MEM *buf; 101 BUF_MEM *buf;
109 unsigned long Time=time(NULL); 102 unsigned long Time=time(NULL);
110 void (*cb)()=NULL; 103 void (*cb)(const SSL *ssl,int type,int val)=NULL;
111 int ret= -1; 104 int ret= -1;
112 int new_state,state; 105 int new_state,state;
113 106
114 RAND_seed((unsigned char *)&Time,sizeof(Time)); 107 RAND_add(&Time,sizeof(Time),0);
115 ERR_clear_error(); 108 ERR_clear_error();
116 clear_sys_error(); 109 clear_sys_error();
117 110
@@ -120,8 +113,8 @@ SSL *s;
120 else if (s->ctx->info_callback != NULL) 113 else if (s->ctx->info_callback != NULL)
121 cb=s->ctx->info_callback; 114 cb=s->ctx->info_callback;
122 115
123 if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
124 s->in_handshake++; 116 s->in_handshake++;
117 if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
125 118
126 for (;;) 119 for (;;)
127 { 120 {
@@ -134,6 +127,13 @@ SSL *s;
134 case SSL_ST_BEFORE|SSL_ST_CONNECT: 127 case SSL_ST_BEFORE|SSL_ST_CONNECT:
135 case SSL_ST_OK|SSL_ST_CONNECT: 128 case SSL_ST_OK|SSL_ST_CONNECT:
136 129
130 if (s->session != NULL)
131 {
132 SSLerr(SSL_F_SSL23_CONNECT,SSL_R_SSL23_DOING_SESSION_ID_REUSE);
133 ret= -1;
134 goto end;
135 }
136 s->server=0;
137 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); 137 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
138 138
139 /* s->version=TLS1_VERSION; */ 139 /* s->version=TLS1_VERSION; */
@@ -159,7 +159,7 @@ SSL *s;
159 ssl3_init_finished_mac(s); 159 ssl3_init_finished_mac(s);
160 160
161 s->state=SSL23_ST_CW_CLNT_HELLO_A; 161 s->state=SSL23_ST_CW_CLNT_HELLO_A;
162 s->ctx->sess_connect++; 162 s->ctx->stats.sess_connect++;
163 s->init_num=0; 163 s->init_num=0;
164 break; 164 break;
165 165
@@ -179,7 +179,7 @@ SSL *s;
179 ret=ssl23_get_server_hello(s); 179 ret=ssl23_get_server_hello(s);
180 if (ret >= 0) cb=NULL; 180 if (ret >= 0) cb=NULL;
181 goto end; 181 goto end;
182 break; 182 /* break; */
183 183
184 default: 184 default:
185 SSLerr(SSL_F_SSL23_CONNECT,SSL_R_UNKNOWN_STATE); 185 SSLerr(SSL_F_SSL23_CONNECT,SSL_R_UNKNOWN_STATE);
@@ -188,7 +188,7 @@ SSL *s;
188 /* break; */ 188 /* break; */
189 } 189 }
190 190
191 if (s->debug) BIO_flush(s->wbio); 191 if (s->debug) { (void)BIO_flush(s->wbio); }
192 192
193 if ((cb != NULL) && (s->state != state)) 193 if ((cb != NULL) && (s->state != state))
194 { 194 {
@@ -206,12 +206,12 @@ end:
206 } 206 }
207 207
208 208
209static int ssl23_client_hello(s) 209static int ssl23_client_hello(SSL *s)
210SSL *s;
211 { 210 {
212 unsigned char *buf; 211 unsigned char *buf;
213 unsigned char *p,*d; 212 unsigned char *p,*d;
214 int i,ch_len; 213 int i,ch_len;
214 int ret;
215 215
216 buf=(unsigned char *)s->init_buf->data; 216 buf=(unsigned char *)s->init_buf->data;
217 if (s->state == SSL23_ST_CW_CLNT_HELLO_A) 217 if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
@@ -225,7 +225,7 @@ SSL *s;
225#endif 225#endif
226 226
227 p=s->s3->client_random; 227 p=s->s3->client_random;
228 RAND_bytes(p,SSL3_RANDOM_SIZE); 228 RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE);
229 229
230 /* Do the message type and length last */ 230 /* Do the message type and length last */
231 d= &(buf[2]); 231 d= &(buf[2]);
@@ -236,16 +236,19 @@ SSL *s;
236 { 236 {
237 *(d++)=TLS1_VERSION_MAJOR; 237 *(d++)=TLS1_VERSION_MAJOR;
238 *(d++)=TLS1_VERSION_MINOR; 238 *(d++)=TLS1_VERSION_MINOR;
239 s->client_version=TLS1_VERSION;
239 } 240 }
240 else if (!(s->options & SSL_OP_NO_SSLv3)) 241 else if (!(s->options & SSL_OP_NO_SSLv3))
241 { 242 {
242 *(d++)=SSL3_VERSION_MAJOR; 243 *(d++)=SSL3_VERSION_MAJOR;
243 *(d++)=SSL3_VERSION_MINOR; 244 *(d++)=SSL3_VERSION_MINOR;
245 s->client_version=SSL3_VERSION;
244 } 246 }
245 else if (!(s->options & SSL_OP_NO_SSLv2)) 247 else if (!(s->options & SSL_OP_NO_SSLv2))
246 { 248 {
247 *(d++)=SSL2_VERSION_MAJOR; 249 *(d++)=SSL2_VERSION_MAJOR;
248 *(d++)=SSL2_VERSION_MINOR; 250 *(d++)=SSL2_VERSION_MINOR;
251 s->client_version=SSL2_VERSION;
249 } 252 }
250 else 253 else
251 { 254 {
@@ -283,7 +286,7 @@ SSL *s;
283 i=ch_len; 286 i=ch_len;
284 s2n(i,d); 287 s2n(i,d);
285 memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE); 288 memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE);
286 RAND_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i); 289 RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
287 memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i); 290 memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
288 p+=i; 291 p+=i;
289 292
@@ -300,15 +303,18 @@ SSL *s;
300 } 303 }
301 304
302 /* SSL3_ST_CW_CLNT_HELLO_B */ 305 /* SSL3_ST_CW_CLNT_HELLO_B */
303 return(ssl23_write_bytes(s)); 306 ret = ssl23_write_bytes(s);
307 if (ret >= 2)
308 if (s->msg_callback)
309 s->msg_callback(1, SSL2_VERSION, 0, s->init_buf->data+2, ret-2, s, s->msg_callback_arg); /* CLIENT-HELLO */
310 return ret;
304 } 311 }
305 312
306static int ssl23_get_server_hello(s) 313static int ssl23_get_server_hello(SSL *s)
307SSL *s;
308 { 314 {
309 char buf[8]; 315 char buf[8];
310 unsigned char *p; 316 unsigned char *p;
311 int i,ch_len; 317 int i;
312 int n; 318 int n;
313 319
314 n=ssl23_read_bytes(s,7); 320 n=ssl23_read_bytes(s,7);
@@ -321,9 +327,14 @@ SSL *s;
321 if ((p[0] & 0x80) && (p[2] == SSL2_MT_SERVER_HELLO) && 327 if ((p[0] & 0x80) && (p[2] == SSL2_MT_SERVER_HELLO) &&
322 (p[5] == 0x00) && (p[6] == 0x02)) 328 (p[5] == 0x00) && (p[6] == 0x02))
323 { 329 {
330#ifdef OPENSSL_NO_SSL2
331 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
332 goto err;
333#else
324 /* we are talking sslv2 */ 334 /* we are talking sslv2 */
325 /* we need to clean up the SSLv3 setup and put in the 335 /* we need to clean up the SSLv3 setup and put in the
326 * sslv2 stuff. */ 336 * sslv2 stuff. */
337 int ch_len;
327 338
328 if (s->options & SSL_OP_NO_SSLv2) 339 if (s->options & SSL_OP_NO_SSLv2)
329 { 340 {
@@ -360,7 +371,9 @@ SSL *s;
360 } 371 }
361 372
362 s->state=SSL2_ST_GET_SERVER_HELLO_A; 373 s->state=SSL2_ST_GET_SERVER_HELLO_A;
363 s->s2->ssl2_rollback=1; 374 if (!(s->client_version == SSL2_VERSION))
375 /* use special padding (SSL 3.0 draft/RFC 2246, App. E.2) */
376 s->s2->ssl2_rollback=1;
364 377
365 /* setup the 5 bytes we have read so we get them from 378 /* setup the 5 bytes we have read so we get them from
366 * the sslv2 buffer */ 379 * the sslv2 buffer */
@@ -376,6 +389,7 @@ SSL *s;
376 389
377 s->method=SSLv2_client_method(); 390 s->method=SSLv2_client_method();
378 s->handshake_func=s->method->ssl_connect; 391 s->handshake_func=s->method->ssl_connect;
392#endif
379 } 393 }
380 else if ((p[0] == SSL3_RT_HANDSHAKE) && 394 else if ((p[0] == SSL3_RT_HANDSHAKE) &&
381 (p[1] == SSL3_VERSION_MAJOR) && 395 (p[1] == SSL3_VERSION_MAJOR) &&
@@ -426,7 +440,7 @@ SSL *s;
426 (p[3] == 0) && 440 (p[3] == 0) &&
427 (p[4] == 2)) 441 (p[4] == 2))
428 { 442 {
429 void (*cb)()=NULL; 443 void (*cb)(const SSL *ssl,int type,int val)=NULL;
430 int j; 444 int j;
431 445
432 /* An alert */ 446 /* An alert */
@@ -443,7 +457,7 @@ SSL *s;
443 } 457 }
444 458
445 s->rwstate=SSL_NOTHING; 459 s->rwstate=SSL_NOTHING;
446 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,1000+p[6]); 460 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_AD_REASON_OFFSET+p[6]);
447 goto err; 461 goto err;
448 } 462 }
449 else 463 else
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-25 15:27:04 +0000