summaryrefslogtreecommitdiff
path: root/src/lib/libssl/s23_clnt.c
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libssl/s23_clnt.c283
1 files changed, 109 insertions, 174 deletions
diff --git a/src/lib/libssl/s23_clnt.c b/src/lib/libssl/s23_clnt.c
index 7c9de0dd0e..a7b262229f 100644
--- a/src/lib/libssl/s23_clnt.c
+++ b/src/lib/libssl/s23_clnt.c
@@ -265,8 +265,10 @@ ssl23_no_ssl2_ciphers(SSL *s)
265 return 1; 265 return 1;
266} 266}
267 267
268/* Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 268/*
269 * on failure, 1 on success. */ 269 * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0
270 * on failure, 1 on success.
271 */
270int 272int
271ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len) 273ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len)
272{ 274{
@@ -294,7 +296,6 @@ ssl23_client_hello(SSL *s)
294 unsigned char *p, *d; 296 unsigned char *p, *d;
295 int i, ch_len; 297 int i, ch_len;
296 unsigned long l; 298 unsigned long l;
297 int ssl2_compat;
298 int version = 0, version_major, version_minor; 299 int version = 0, version_major, version_minor;
299#ifndef OPENSSL_NO_COMP 300#ifndef OPENSSL_NO_COMP
300 int j; 301 int j;
@@ -303,11 +304,6 @@ ssl23_client_hello(SSL *s)
303 int ret; 304 int ret;
304 unsigned long mask, options = s->options; 305 unsigned long mask, options = s->options;
305 306
306 ssl2_compat = (options & SSL_OP_NO_SSLv2) ? 0 : 1;
307
308 if (ssl2_compat && ssl23_no_ssl2_ciphers(s))
309 ssl2_compat = 0;
310
311 /* 307 /*
312 * SSL_OP_NO_X disables all protocols above X *if* there are 308 * SSL_OP_NO_X disables all protocols above X *if* there are
313 * some protocols below X enabled. This is required in order 309 * some protocols below X enabled. This is required in order
@@ -333,21 +329,6 @@ ssl23_client_hello(SSL *s)
333 version = SSL3_VERSION; 329 version = SSL3_VERSION;
334 mask &= ~SSL_OP_NO_SSLv3; 330 mask &= ~SSL_OP_NO_SSLv3;
335 331
336#ifndef OPENSSL_NO_TLSEXT
337 if (version != SSL2_VERSION) {
338 /* have to disable SSL 2.0 compatibility if we need TLS extensions */
339
340 if (s->tlsext_hostname != NULL)
341 ssl2_compat = 0;
342 if (s->tlsext_status_type != -1)
343 ssl2_compat = 0;
344#ifdef TLSEXT_TYPE_opaque_prf_input
345 if (s->ctx->tlsext_opaque_prf_input_callback != 0 || s->tlsext_opaque_prf_input != NULL)
346 ssl2_compat = 0;
347#endif
348 }
349#endif
350
351 buf = (unsigned char *)s->init_buf->data; 332 buf = (unsigned char *)s->init_buf->data;
352 if (s->state == SSL23_ST_CW_CLNT_HELLO_A) { 333 if (s->state == SSL23_ST_CW_CLNT_HELLO_A) {
353#if 0 334#if 0
@@ -373,9 +354,6 @@ ssl23_client_hello(SSL *s)
373 } else if (version == SSL3_VERSION) { 354 } else if (version == SSL3_VERSION) {
374 version_major = SSL3_VERSION_MAJOR; 355 version_major = SSL3_VERSION_MAJOR;
375 version_minor = SSL3_VERSION_MINOR; 356 version_minor = SSL3_VERSION_MINOR;
376 } else if (version == SSL2_VERSION) {
377 version_major = SSL2_VERSION_MAJOR;
378 version_minor = SSL2_VERSION_MINOR;
379 } else { 357 } else {
380 SSLerr(SSL_F_SSL23_CLIENT_HELLO, SSL_R_NO_PROTOCOLS_AVAILABLE); 358 SSLerr(SSL_F_SSL23_CLIENT_HELLO, SSL_R_NO_PROTOCOLS_AVAILABLE);
381 return (-1); 359 return (-1);
@@ -383,161 +361,112 @@ ssl23_client_hello(SSL *s)
383 361
384 s->client_version = version; 362 s->client_version = version;
385 363
386 if (ssl2_compat) { 364 /* create Client Hello in SSL 3.0/TLS 1.0 format */
387 /* create SSL 2.0 compatible Client Hello */
388
389 /* two byte record header will be written last */
390 d = &(buf[2]);
391 p = d + 9; /* leave space for message type, version, individual length fields */
392
393 *(d++) = SSL2_MT_CLIENT_HELLO;
394 *(d++) = version_major;
395 *(d++) = version_minor;
396
397 /* Ciphers supported */
398 i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), p, 0);
399 if (i == 0) {
400 /* no ciphers */
401 SSLerr(SSL_F_SSL23_CLIENT_HELLO, SSL_R_NO_CIPHERS_AVAILABLE);
402 return -1;
403 }
404 s2n(i, d);
405 p += i;
406
407 /* put in the session-id length (zero since there is no reuse) */
408#if 0
409 s->session->session_id_length = 0;
410#endif
411 s2n(0, d);
412
413 if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG)
414 ch_len = SSL2_CHALLENGE_LENGTH;
415 else
416 ch_len = SSL2_MAX_CHALLENGE_LENGTH;
417
418 /* write out sslv2 challenge */
419 /* Note that ch_len must be <= SSL3_RANDOM_SIZE (32),
420 because it is one of SSL2_MAX_CHALLENGE_LENGTH (32)
421 or SSL2_MAX_CHALLENGE_LENGTH (16), but leave the
422 check in for futurproofing */
423 if (SSL3_RANDOM_SIZE < ch_len)
424 i = SSL3_RANDOM_SIZE;
425 else
426 i = ch_len;
427 s2n(i, d);
428 memset(&(s->s3->client_random[0]), 0, SSL3_RANDOM_SIZE);
429 if (RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE - i]), i) <= 0)
430 return -1;
431
432 memcpy(p, &(s->s3->client_random[SSL3_RANDOM_SIZE - i]), i);
433 p += i;
434
435 i = p- &(buf[2]);
436 buf[0] = ((i >> 8)&0xff)|0x80;
437 buf[1] = (i&0xff);
438
439 /* number of bytes to write */
440 s->init_num = i + 2;
441 s->init_off = 0;
442
443 ssl3_finish_mac(s, &(buf[2]), i);
444 } else {
445 /* create Client Hello in SSL 3.0/TLS 1.0 format */
446 365
447 /* do the record header (5 bytes) and handshake message header (4 bytes) last */ 366 /*
448 d = p = &(buf[9]); 367 * Do the record header (5 bytes) and handshake
368 * message header (4 bytes) last
369 */
370 d = p = &(buf[9]);
449 371
450 *(p++) = version_major; 372 *(p++) = version_major;
451 *(p++) = version_minor; 373 *(p++) = version_minor;
452 374
453 /* Random stuff */ 375 /* Random stuff */
454 memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE); 376 memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
455 p += SSL3_RANDOM_SIZE; 377 p += SSL3_RANDOM_SIZE;
456 378
457 /* Session ID (zero since there is no reuse) */ 379 /* Session ID (zero since there is no reuse) */
458 *(p++) = 0; 380 *(p++) = 0;
459 381
460 /* Ciphers supported (using SSL 3.0/TLS 1.0 format) */ 382 /* Ciphers supported (using SSL 3.0/TLS 1.0 format) */
461 i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]), ssl3_put_cipher_by_char); 383 i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]),
462 if (i == 0) { 384 ssl3_put_cipher_by_char);
463 SSLerr(SSL_F_SSL23_CLIENT_HELLO, SSL_R_NO_CIPHERS_AVAILABLE); 385 if (i == 0) {
464 return -1; 386 SSLerr(SSL_F_SSL23_CLIENT_HELLO,
465 } 387 SSL_R_NO_CIPHERS_AVAILABLE);
388 return -1;
389 }
466#ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH 390#ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH
467 /* Some servers hang if client hello > 256 bytes 391 /*
468 * as hack workaround chop number of supported ciphers 392 * Some servers hang if client hello > 256 bytes
469 * to keep it well below this if we use TLS v1.2 393 * as hack workaround chop number of supported ciphers
470 */ 394 * to keep it well below this if we use TLS v1.2
471 if (TLS1_get_version(s) >= TLS1_2_VERSION && 395 */
472 i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH) 396 if (TLS1_get_version(s) >= TLS1_2_VERSION &&
473 i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1; 397 i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH)
398 i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1;
474#endif 399#endif
475 s2n(i, p); 400 s2n(i, p);
476 p += i; 401 p += i;
477 402
478 /* COMPRESSION */ 403 /* COMPRESSION */
479#ifdef OPENSSL_NO_COMP 404#ifdef OPENSSL_NO_COMP
480 *(p++) = 1; 405 *(p++) = 1;
481#else 406#else
482 if ((s->options & SSL_OP_NO_COMPRESSION) || 407 if ((s->options & SSL_OP_NO_COMPRESSION) ||
483 !s->ctx->comp_methods) 408 !s->ctx->comp_methods)
484 j = 0; 409 j = 0;
485 else 410 else
486 j = sk_SSL_COMP_num(s->ctx->comp_methods); 411 j = sk_SSL_COMP_num(s->ctx->comp_methods);
487 *(p++) = 1 + j; 412 *(p++) = 1 + j;
488 for (i = 0; i < j; i++) { 413 for (i = 0; i < j; i++) {
489 comp = sk_SSL_COMP_value(s->ctx->comp_methods, i); 414 comp = sk_SSL_COMP_value(s->ctx->comp_methods, i);
490 *(p++) = comp->id; 415 *(p++) = comp->id;
491 } 416 }
492#endif 417#endif
493 *(p++)=0; /* Add the NULL method */ 418 /* Add the NULL method */
419 *(p++) = 0;
494 420
495#ifndef OPENSSL_NO_TLSEXT 421#ifndef OPENSSL_NO_TLSEXT
496 /* TLS extensions*/ 422 /* TLS extensions*/
497 if (ssl_prepare_clienthello_tlsext(s) <= 0) { 423 if (ssl_prepare_clienthello_tlsext(s) <= 0) {
498 SSLerr(SSL_F_SSL23_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT); 424 SSLerr(SSL_F_SSL23_CLIENT_HELLO,
499 return -1; 425 SSL_R_CLIENTHELLO_TLSEXT);
500 } 426 return -1;
501 if ((p = ssl_add_clienthello_tlsext(s, p, buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) { 427 }
502 SSLerr(SSL_F_SSL23_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); 428 if ((p = ssl_add_clienthello_tlsext(s, p,
503 return -1; 429 buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) {
504 } 430 SSLerr(SSL_F_SSL23_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
431 return -1;
432 }
505#endif 433#endif
506 434
507 l = p - d; 435 l = p - d;
508
509 /* fill in 4-byte handshake header */
510 d = &(buf[5]);
511 *(d++) = SSL3_MT_CLIENT_HELLO;
512 l2n3(l, d);
513 436
514 l += 4; 437 /* fill in 4-byte handshake header */
438 d = &(buf[5]);
439 *(d++) = SSL3_MT_CLIENT_HELLO;
440 l2n3(l, d);
515 441
516 if (l > SSL3_RT_MAX_PLAIN_LENGTH) { 442 l += 4;
517 SSLerr(SSL_F_SSL23_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
518 return -1;
519 }
520 443
521 /* fill in 5-byte record header */ 444 if (l > SSL3_RT_MAX_PLAIN_LENGTH) {
522 d = buf; 445 SSLerr(SSL_F_SSL23_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
523 *(d++) = SSL3_RT_HANDSHAKE; 446 return -1;
524 *(d++) = version_major;
525 /* Some servers hang if we use long client hellos
526 * and a record number > TLS 1.0.
527 */
528 if (TLS1_get_client_version(s) > TLS1_VERSION)
529 *(d++) = 1;
530 else
531 *(d++) = version_minor;
532 s2n((int)l, d);
533
534 /* number of bytes to write */
535 s->init_num = p - buf;
536 s->init_off = 0;
537
538 ssl3_finish_mac(s, &(buf[5]), s->init_num - 5);
539 } 447 }
540 448
449 /* fill in 5-byte record header */
450 d = buf;
451 *(d++) = SSL3_RT_HANDSHAKE;
452 *(d++) = version_major;
453
454 /*
455 * Some servers hang if we use long client hellos
456 * and a record number > TLS 1.0.
457 */
458 if (TLS1_get_client_version(s) > TLS1_VERSION)
459 *(d++) = 1;
460 else
461 *(d++) = version_minor;
462 s2n((int)l, d);
463
464 /* number of bytes to write */
465 s->init_num = p - buf;
466 s->init_off = 0;
467
468 ssl3_finish_mac(s, &(buf[5]), s->init_num - 5);
469
541 s->state = SSL23_ST_CW_CLNT_HELLO_B; 470 s->state = SSL23_ST_CW_CLNT_HELLO_B;
542 s->init_off = 0; 471 s->init_off = 0;
543 } 472 }
@@ -548,10 +477,8 @@ ssl23_client_hello(SSL *s)
548 if ((ret >= 2) && s->msg_callback) { 477 if ((ret >= 2) && s->msg_callback) {
549 /* Client Hello has been sent; tell msg_callback */ 478 /* Client Hello has been sent; tell msg_callback */
550 479
551 if (ssl2_compat) 480 s->msg_callback(1, version, SSL3_RT_HANDSHAKE,
552 s->msg_callback(1, SSL2_VERSION, 0, s->init_buf->data + 2, ret - 2, s, s->msg_callback_arg); 481 s->init_buf->data + 5, ret - 5, s, s->msg_callback_arg);
553 else
554 s->msg_callback(1, version, SSL3_RT_HANDSHAKE, s->init_buf->data + 5, ret - 5, s, s->msg_callback_arg);
555 } 482 }
556 483
557 return ret; 484 return ret;
@@ -573,11 +500,15 @@ ssl23_get_server_hello(SSL *s)
573 500
574 memcpy(buf, p, n); 501 memcpy(buf, p, n);
575 502
503 /* Old unsupported sslv2 handshake */
576 if ((p[0] & 0x80) && (p[2] == SSL2_MT_SERVER_HELLO) && 504 if ((p[0] & 0x80) && (p[2] == SSL2_MT_SERVER_HELLO) &&
577 (p[5] == 0x00) && (p[6] == 0x02)) { 505 (p[5] == 0x00) && (p[6] == 0x02)) {
578 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_R_UNSUPPORTED_PROTOCOL); 506 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,
507 SSL_R_UNSUPPORTED_PROTOCOL);
579 goto err; 508 goto err;
580 } else if (p[1] == SSL3_VERSION_MAJOR && 509 }
510
511 if (p[1] == SSL3_VERSION_MAJOR &&
581 p[2] <= TLS1_2_VERSION_MINOR && 512 p[2] <= TLS1_2_VERSION_MINOR &&
582 ((p[0] == SSL3_RT_HANDSHAKE && p[5] == SSL3_MT_SERVER_HELLO) || 513 ((p[0] == SSL3_RT_HANDSHAKE && p[5] == SSL3_MT_SERVER_HELLO) ||
583 (p[0] == SSL3_RT_ALERT && p[3] == 0 && p[4] == 2))) { 514 (p[0] == SSL3_RT_ALERT && p[3] == 0 && p[4] == 2))) {
@@ -600,13 +531,13 @@ ssl23_get_server_hello(SSL *s)
600 s->version = TLS1_2_VERSION; 531 s->version = TLS1_2_VERSION;
601 s->method = TLSv1_2_client_method(); 532 s->method = TLSv1_2_client_method();
602 } else { 533 } else {
603 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_R_UNSUPPORTED_PROTOCOL); 534 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,
535 SSL_R_UNSUPPORTED_PROTOCOL);
604 goto err; 536 goto err;
605 } 537 }
606 538
607 if (p[0] == SSL3_RT_ALERT && p[5] != SSL3_AL_WARNING) { 539 if (p[0] == SSL3_RT_ALERT && p[5] != SSL3_AL_WARNING) {
608 /* fatal alert */ 540 /* fatal alert */
609
610 void (*cb)(const SSL *ssl, int type, int val) = NULL; 541 void (*cb)(const SSL *ssl, int type, int val) = NULL;
611 int j; 542 int j;
612 543
@@ -622,10 +553,12 @@ ssl23_get_server_hello(SSL *s)
622 } 553 }
623 554
624 if (s->msg_callback) 555 if (s->msg_callback)
625 s->msg_callback(0, s->version, SSL3_RT_ALERT, p + 5, 2, s, s->msg_callback_arg); 556 s->msg_callback(0, s->version, SSL3_RT_ALERT,
557 p + 5, 2, s, s->msg_callback_arg);
626 558
627 s->rwstate = SSL_NOTHING; 559 s->rwstate = SSL_NOTHING;
628 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_AD_REASON_OFFSET + p[6]); 560 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,
561 SSL_AD_REASON_OFFSET + p[6]);
629 goto err; 562 goto err;
630 } 563 }
631 564
@@ -654,8 +587,10 @@ ssl23_get_server_hello(SSL *s)
654 } 587 }
655 s->init_num = 0; 588 s->init_num = 0;
656 589
657 /* Since, if we are sending a ssl23 client hello, we are not 590 /*
658 * reusing a session-id */ 591 * Since, if we are sending a ssl23 client hello, we are not
592 * reusing a session-id
593 */
659 if (!ssl_get_new_session(s, 0)) 594 if (!ssl_get_new_session(s, 0))
660 goto err; 595 goto err;
661 596
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-19 17:17:02 +0000