Diffstat (limited to 'src/lib/libssl/s23_clnt.c')
-rw-r--r--src/lib/libssl/s23_clnt.c63
1 files changed, 40 insertions, 23 deletions
diff --git a/src/lib/libssl/s23_clnt.c b/src/lib/libssl/s23_clnt.c
index c45a8e0a04..86356731ea 100644
--- a/src/lib/libssl/s23_clnt.c
+++ b/src/lib/libssl/s23_clnt.c
@@ -80,10 +80,28 @@ static SSL_METHOD *ssl23_get_client_method(int ver)
80 return(NULL); 80 return(NULL);
81 } 81 }
82 82
83IMPLEMENT_ssl23_meth_func(SSLv23_client_method, 83SSL_METHOD *SSLv23_client_method(void)
84 ssl_undefined_function, 84 {
85 ssl23_connect, 85 static int init=1;
86 ssl23_get_client_method) 86 static SSL_METHOD SSLv23_client_data;
87
88 if (init)
89 {
90 CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
91
92 if (init)
93 {
94 memcpy((char *)&SSLv23_client_data,
95 (char *)sslv23_base_method(),sizeof(SSL_METHOD));
96 SSLv23_client_data.ssl_connect=ssl23_connect;
97 SSLv23_client_data.get_ssl_method=ssl23_get_client_method;
98 init=0;
99 }
100
101 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
102 }
103 return(&SSLv23_client_data);
104 }
87 105
88int ssl23_connect(SSL *s) 106int ssl23_connect(SSL *s)
89 { 107 {
@@ -223,17 +241,6 @@ static int ssl23_client_hello(SSL *s)
223 { 241 {
224 version = SSL2_VERSION; 242 version = SSL2_VERSION;
225 } 243 }
226#ifndef OPENSSL_NO_TLSEXT
227 if (version != SSL2_VERSION)
228 {
229 /* have to disable SSL 2.0 compatibility if we need TLS extensions */
230
231 if (s->tlsext_hostname != NULL)
232 ssl2_compat = 0;
233 if (s->tlsext_status_type != -1)
234 ssl2_compat = 0;
235 }
236#endif
237 244
238 buf=(unsigned char *)s->init_buf->data; 245 buf=(unsigned char *)s->init_buf->data;
239 if (s->state == SSL23_ST_CW_CLNT_HELLO_A) 246 if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
@@ -247,7 +254,7 @@ static int ssl23_client_hello(SSL *s)
247#endif 254#endif
248 255
249 p=s->s3->client_random; 256 p=s->s3->client_random;
250 Time=(unsigned long)time(NULL); /* Time */ 257 Time=(unsigned long)time(NULL); /* Time */
251 l2n(Time,p); 258 l2n(Time,p);
252 if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0) 259 if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
253 return -1; 260 return -1;
@@ -257,6 +264,14 @@ static int ssl23_client_hello(SSL *s)
257 version_major = TLS1_VERSION_MAJOR; 264 version_major = TLS1_VERSION_MAJOR;
258 version_minor = TLS1_VERSION_MINOR; 265 version_minor = TLS1_VERSION_MINOR;
259 } 266 }
267#ifdef OPENSSL_FIPS
268 else if(FIPS_mode())
269 {
270 SSLerr(SSL_F_SSL23_CLIENT_HELLO,
271 SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
272 return -1;
273 }
274#endif
260 else if (version == SSL3_VERSION) 275 else if (version == SSL3_VERSION)
261 { 276 {
262 version_major = SSL3_VERSION_MAJOR; 277 version_major = SSL3_VERSION_MAJOR;
@@ -371,13 +386,6 @@ static int ssl23_client_hello(SSL *s)
371 *(p++)=comp->id; 386 *(p++)=comp->id;
372 } 387 }
373 *(p++)=0; /* Add the NULL method */ 388 *(p++)=0; /* Add the NULL method */
374#ifndef OPENSSL_NO_TLSEXT
375 if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
376 {
377 SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
378 return -1;
379 }
380#endif
381 389
382 l = p-d; 390 l = p-d;
383 *p = 42; 391 *p = 42;
@@ -536,6 +544,14 @@ static int ssl23_get_server_hello(SSL *s)
536 if ((p[2] == SSL3_VERSION_MINOR) && 544 if ((p[2] == SSL3_VERSION_MINOR) &&
537 !(s->options & SSL_OP_NO_SSLv3)) 545 !(s->options & SSL_OP_NO_SSLv3))
538 { 546 {
547#ifdef OPENSSL_FIPS
548 if(FIPS_mode())
549 {
550 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,
551 SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
552 goto err;
553 }
554#endif
539 s->version=SSL3_VERSION; 555 s->version=SSL3_VERSION;
540 s->method=SSLv3_client_method(); 556 s->method=SSLv3_client_method();
541 } 557 }
@@ -592,6 +608,7 @@ static int ssl23_get_server_hello(SSL *s)
592 if (!ssl_get_new_session(s,0)) 608 if (!ssl_get_new_session(s,0))
593 goto err; 609 goto err;
594 610
611 s->first_packet=1;
595 return(SSL_connect(s)); 612 return(SSL_connect(s));
596err: 613err:
597 return(-1); 614 return(-1);
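Review bot: In the first hunk, `SSLv23_client_method()` tests `init` once outside `CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD)`, and `init=0` is a plain store issued after the `memcpy` and the two pointer assignments, with nothing visible that orders those writes for a caller that skips the lock. Depending on compiler and CPU reordering, a second thread could see `init == 0` and return `&SSLv23_client_data` while `ssl_connect` or `get_ssl_method` is still unset, which would then be called through a zeroed static. I would drop the outer `if (init)` so the flag is only read while the lock is held, at the cost of one lock acquisition per call. If the unlocked fast path is kept on purpose, a comment such as `/* init is read without the lock; assumes the stores to SSLv23_client_data are visible before init=0 */` should state the assumption so it can be checked per platform.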