1 files changed, 70 insertions, 151 deletions
diff --git a/src/lib/libssl/s23_clnt.c b/src/lib/libssl/s23_clnt.c
index c4d8bf2eb3..bc918170e1 100644
--- a/src/lib/libssl/s23_clnt.c
+++ b/src/lib/libssl/s23_clnt.c
@@ -55,59 +55,6 @@
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
 #include <stdio.h>
 #include "ssl_locl.h"
@@ -116,10 +63,10 @@
 #include <openssl/objects.h>
 #include <openssl/evp.h>
-static const SSL_METHOD *ssl23_get_client_method(int ver);
+static SSL_METHOD *ssl23_get_client_method(int ver);
 static int ssl23_client_hello(SSL *s);
 static int ssl23_get_server_hello(SSL *s);
-static const SSL_METHOD *ssl23_get_client_method(int ver)
+static SSL_METHOD *ssl23_get_client_method(int ver)
        {
 #ifndef OPENSSL_NO_SSL2
        if (ver == SSL2_VERSION)
@@ -250,40 +197,20 @@ end:
        return(ret);
        }
-static int ssl23_no_ssl2_ciphers(SSL *s)
-        {
-        SSL_CIPHER *cipher;
-        STACK_OF(SSL_CIPHER) *ciphers;
-        int i;
-        ciphers = SSL_get_ciphers(s);
-        for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++)
-                {
-                cipher = sk_SSL_CIPHER_value(ciphers, i);
-                if (cipher->algorithm_ssl == SSL_SSLV2)
-                        return 0;
-                }
-        return 1;
-        }
 static int ssl23_client_hello(SSL *s)
        {
        unsigned char *buf;
        unsigned char *p,*d;
-        int i,ch_len;
+        int i,j,ch_len;
        unsigned long Time,l;
        int ssl2_compat;
        int version = 0, version_major, version_minor;
-#ifndef OPENSSL_NO_COMP
-        int j;
        SSL_COMP *comp;
-#endif
        int ret;
        ssl2_compat = (s->options & SSL_OP_NO_SSLv2) ? 0 : 1;
-        if (ssl2_compat && ssl23_no_ssl2_ciphers(s))
-                ssl2_compat = 0;
        if (!(s->options & SSL_OP_NO_TLSv1))
                {
                version = TLS1_VERSION;
@@ -296,7 +223,7 @@ static int ssl23_client_hello(SSL *s)
                {
                version = SSL2_VERSION;
                }
-#ifndef OPENSSL_NO_TLSEXT
+#ifndef OPENSSL_NO_TLSEXT 
        if (version != SSL2_VERSION)
                {
                /* have to disable SSL 2.0 compatibility if we need TLS extensions */
@@ -305,10 +232,6 @@ static int ssl23_client_hello(SSL *s)
                        ssl2_compat = 0;
                if (s->tlsext_status_type != -1)
                        ssl2_compat = 0;
-#ifdef TLSEXT_TYPE_opaque_prf_input
-                if (s->ctx->tlsext_opaque_prf_input_callback != 0 || s->tlsext_opaque_prf_input != NULL)
-                        ssl2_compat = 0;
-#endif
                }
 #endif
@@ -334,6 +257,14 @@ static int ssl23_client_hello(SSL *s)
                        version_major = TLS1_VERSION_MAJOR;
                        version_minor = TLS1_VERSION_MINOR;
                        }
+#ifdef OPENSSL_FIPS
+                else if(FIPS_mode())
+                        {
+                        SSLerr(SSL_F_SSL23_CLIENT_HELLO,
+                                        SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
+                        return -1;
+                        }
+#endif
                else if (version == SSL3_VERSION)
                        {
                        version_major = SSL3_VERSION_MAJOR;
@@ -387,10 +318,6 @@ static int ssl23_client_hello(SSL *s)
                                ch_len=SSL2_MAX_CHALLENGE_LENGTH;
                        /* write out sslv2 challenge */
-                        /* Note that ch_len must be <= SSL3_RANDOM_SIZE (32),
-                           because it is one of SSL2_MAX_CHALLENGE_LENGTH (32)
-                           or SSL2_MAX_CHALLENGE_LENGTH (16), but leave the
-                           check in for futurproofing */
                        if (SSL3_RANDOM_SIZE < ch_len)
                                i=SSL3_RANDOM_SIZE;
                        else
@@ -441,11 +368,7 @@ static int ssl23_client_hello(SSL *s)
                        p+=i;
                        /* COMPRESSION */
-#ifdef OPENSSL_NO_COMP
+                        if (s->ctx->comp_methods == NULL)
-                        *(p++)=1;
-#else
-                        if ((s->options & SSL_OP_NO_COMPRESSION)
-                                                || !s->ctx->comp_methods)
                                j=0;
                        else
                                j=sk_SSL_COMP_num(s->ctx->comp_methods);
@@ -455,16 +378,8 @@ static int ssl23_client_hello(SSL *s)
                                comp=sk_SSL_COMP_value(s->ctx->comp_methods,i);
                                *(p++)=comp->id;
                                }
-#endif
                        *(p++)=0; /* Add the NULL method */
 #ifndef OPENSSL_NO_TLSEXT
-                        /* TLS extensions*/
-                        if (ssl_prepare_clienthello_tlsext(s) <= 0)
-                                {
-                                SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
-                                return -1;
-                                }
                        if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
                                {
                                SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
@@ -473,6 +388,7 @@ static int ssl23_client_hello(SSL *s)
 #endif
                        
                        l = p-d;
+                        *p = 42;
                        /* fill in 4-byte handshake header */
                        d=&(buf[5]);
@@ -567,10 +483,6 @@ static int ssl23_get_server_hello(SSL *s)
                        ch_len=SSL2_MAX_CHALLENGE_LENGTH;
                /* write out sslv2 challenge */
-                /* Note that ch_len must be <= SSL3_RANDOM_SIZE (32), because
-                   it is one of SSL2_MAX_CHALLENGE_LENGTH (32) or
-                   SSL2_MAX_CHALLENGE_LENGTH (16), but leave the check in for
-                   futurproofing */
                i=(SSL3_RANDOM_SIZE < ch_len)
                        ?SSL3_RANDOM_SIZE:ch_len;
                s->s2->challenge_length=i;
@@ -591,7 +503,7 @@ static int ssl23_get_server_hello(SSL *s)
                        /* use special padding (SSL 3.0 draft/RFC 2246, App. E.2) */
                        s->s2->ssl2_rollback=1;
-                /* setup the 7 bytes we have read so we get them from
+                /* setup the 5 bytes we have read so we get them from
                 * the sslv2 buffer */
                s->rstate=SSL_ST_READ_HEADER;
                s->packet_length=n;
@@ -607,16 +519,39 @@ static int ssl23_get_server_hello(SSL *s)
                s->handshake_func=s->method->ssl_connect;
 #endif
                }
-        else if (p[1] == SSL3_VERSION_MAJOR &&
+        else if ((p[0] == SSL3_RT_HANDSHAKE) &&
-                 (p[2] == SSL3_VERSION_MINOR || p[2] == TLS1_VERSION_MINOR) &&
+                 (p[1] == SSL3_VERSION_MAJOR) &&
-                 ((p[0] == SSL3_RT_HANDSHAKE && p[5] == SSL3_MT_SERVER_HELLO) ||
+                 ((p[2] == SSL3_VERSION_MINOR) ||
-                  (p[0] == SSL3_RT_ALERT && p[3] == 0 && p[4] == 2)))
+                  (p[2] == TLS1_VERSION_MINOR)) &&
+                 (p[5] == SSL3_MT_SERVER_HELLO))
                {
-                /* we have sslv3 or tls1 (server hello or alert) */
+                /* we have sslv3 or tls1 */
+                if (!ssl_init_wbio_buffer(s,1)) goto err;
+                /* we are in this state */
+                s->state=SSL3_ST_CR_SRVR_HELLO_A;
+                /* put the 5 bytes we have read into the input buffer
+                 * for SSLv3 */
+                s->rstate=SSL_ST_READ_HEADER;
+                s->packet_length=n;
+                s->packet= &(s->s3->rbuf.buf[0]);
+                memcpy(s->packet,buf,n);
+                s->s3->rbuf.left=n;
+                s->s3->rbuf.offset=0;
                if ((p[2] == SSL3_VERSION_MINOR) &&
                        !(s->options & SSL_OP_NO_SSLv3))
                        {
+#ifdef OPENSSL_FIPS
+                        if(FIPS_mode())
+                                {
+                                SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,
+                                        SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
+                                goto err;
+                                }
+#endif
                        s->version=SSL3_VERSION;
                        s->method=SSLv3_client_method();
                        }
@@ -631,52 +566,35 @@ static int ssl23_get_server_hello(SSL *s)
                        SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
                        goto err;
                        }
-                if (p[0] == SSL3_RT_ALERT && p[5] != SSL3_AL_WARNING)
-                        {
-                        /* fatal alert */
-                        void (*cb)(const SSL *ssl,int type,int val)=NULL;
-                        int j;
-                        if (s->info_callback != NULL)
-                                cb=s->info_callback;
-                        else if (s->ctx->info_callback != NULL)
-                                cb=s->ctx->info_callback;
- 
-                        i=p[5];
-                        if (cb != NULL)
-                                {
-                                j=(i<<8)|p[6];
-                                cb(s,SSL_CB_READ_ALERT,j);
-                                }
                        
-                        if (s->msg_callback)
+                s->handshake_func=s->method->ssl_connect;
-                                s->msg_callback(0, s->version, SSL3_RT_ALERT, p+5, 2, s, s->msg_callback_arg);
+                }
+        else if ((p[0] == SSL3_RT_ALERT) &&
-                        s->rwstate=SSL_NOTHING;
+                 (p[1] == SSL3_VERSION_MAJOR) &&
-                        SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_AD_REASON_OFFSET+p[6]);
+                 ((p[2] == SSL3_VERSION_MINOR) ||
-                        goto err;
+                  (p[2] == TLS1_VERSION_MINOR)) &&
+                 (p[3] == 0) &&
+                 (p[4] == 2))
+                {
+                void (*cb)(const SSL *ssl,int type,int val)=NULL;
+                int j;
+                /* An alert */
+                if (s->info_callback != NULL)
+                        cb=s->info_callback;
+                else if (s->ctx->info_callback != NULL)
+                        cb=s->ctx->info_callback;
+ 
+                i=p[5];
+                if (cb != NULL)
+                        {
+                        j=(i<<8)|p[6];
+                        cb(s,SSL_CB_READ_ALERT,j);
                        }
-                if (!ssl_init_wbio_buffer(s,1)) goto err;
+                s->rwstate=SSL_NOTHING;
+                SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_AD_REASON_OFFSET+p[6]);
-                /* we are in this state */
+                goto err;
-                s->state=SSL3_ST_CR_SRVR_HELLO_A;
-                /* put the 7 bytes we have read into the input buffer
-                 * for SSLv3 */
-                s->rstate=SSL_ST_READ_HEADER;
-                s->packet_length=n;
-                if (s->s3->rbuf.buf == NULL)
-                        if (!ssl3_setup_read_buffer(s))
-                                goto err;
-                s->packet= &(s->s3->rbuf.buf[0]);
-                memcpy(s->packet,buf,n);
-                s->s3->rbuf.left=n;
-                s->s3->rbuf.offset=0;
-                s->handshake_func=s->method->ssl_connect;
                }
        else
                {
@@ -694,3 +612,4 @@ static int ssl23_get_server_hello(SSL *s)
 err:
        return(-1);
        }

diff --git a/src/lib/libssl/s23_clnt.c b/src/lib/libssl/s23_clnt.c index c4d8bf2eb3..bc918170e1 100644 --- a/src/lib/libssl/s23_clnt.c +++ b/src/lib/libssl/s23_clnt.c
@@ -55,59 +55,6 @@
55	* copied and put under another distribution licence	55	* copied and put under another distribution licence
56	* [including the GNU Public Licence.]	56	* [including the GNU Public Licence.]
57	*/	57	*/
58	/* ====================================================================
59	* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
60	*
61	* Redistribution and use in source and binary forms, with or without
62	* modification, are permitted provided that the following conditions
63	* are met:
64	*
65	* 1. Redistributions of source code must retain the above copyright
66	* notice, this list of conditions and the following disclaimer.
67	*
68	* 2. Redistributions in binary form must reproduce the above copyright
69	* notice, this list of conditions and the following disclaimer in
70	* the documentation and/or other materials provided with the
71	* distribution.
72	*
73	* 3. All advertising materials mentioning features or use of this
74	* software must display the following acknowledgment:
75	* "This product includes software developed by the OpenSSL Project
76	* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77	*
78	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79	* endorse or promote products derived from this software without
80	* prior written permission. For written permission, please contact
81	* openssl-core@openssl.org.
82	*
83	* 5. Products derived from this software may not be called "OpenSSL"
84	* nor may "OpenSSL" appear in their names without prior written
85	* permission of the OpenSSL Project.
86	*
87	* 6. Redistributions of any form whatsoever must retain the following
88	* acknowledgment:
89	* "This product includes software developed by the OpenSSL Project
90	* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91	*
92	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103	* OF THE POSSIBILITY OF SUCH DAMAGE.
104	* ====================================================================
105	*
106	* This product includes cryptographic software written by Eric Young
107	* (eay@cryptsoft.com). This product includes software written by Tim
108	* Hudson (tjh@cryptsoft.com).
109	*
110	*/
111		58
112	#include <stdio.h>	59	#include <stdio.h>
113	#include "ssl_locl.h"	60	#include "ssl_locl.h"
@@ -116,10 +63,10 @@
116	#include <openssl/objects.h>	63	#include <openssl/objects.h>
117	#include <openssl/evp.h>	64	#include <openssl/evp.h>
118		65
119	static const SSL_METHOD *ssl23_get_client_method(int ver);	66	static SSL_METHOD *ssl23_get_client_method(int ver);
120	static int ssl23_client_hello(SSL *s);	67	static int ssl23_client_hello(SSL *s);
121	static int ssl23_get_server_hello(SSL *s);	68	static int ssl23_get_server_hello(SSL *s);
122	static const SSL_METHOD *ssl23_get_client_method(int ver)	69	static SSL_METHOD *ssl23_get_client_method(int ver)
123	{	70	{
124	#ifndef OPENSSL_NO_SSL2	71	#ifndef OPENSSL_NO_SSL2
125	if (ver == SSL2_VERSION)	72	if (ver == SSL2_VERSION)
@@ -250,40 +197,20 @@ end:
250	return(ret);	197	return(ret);
251	}	198	}
252		199
253	static int ssl23_no_ssl2_ciphers(SSL *s)
254	{
255	SSL_CIPHER *cipher;
256	STACK_OF(SSL_CIPHER) *ciphers;
257	int i;
258	ciphers = SSL_get_ciphers(s);
259	for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++)
260	{
261	cipher = sk_SSL_CIPHER_value(ciphers, i);
262	if (cipher->algorithm_ssl == SSL_SSLV2)
263	return 0;
264	}
265	return 1;
266	}
267		200
268	static int ssl23_client_hello(SSL *s)	201	static int ssl23_client_hello(SSL *s)
269	{	202	{
270	unsigned char *buf;	203	unsigned char *buf;
271	unsigned char p,d;	204	unsigned char p,d;
272	int i,ch_len;	205	int i,j,ch_len;
273	unsigned long Time,l;	206	unsigned long Time,l;
274	int ssl2_compat;	207	int ssl2_compat;
275	int version = 0, version_major, version_minor;	208	int version = 0, version_major, version_minor;
276	#ifndef OPENSSL_NO_COMP
277	int j;
278	SSL_COMP *comp;	209	SSL_COMP *comp;
279	#endif
280	int ret;	210	int ret;
281		211
282	ssl2_compat = (s->options & SSL_OP_NO_SSLv2) ? 0 : 1;	212	ssl2_compat = (s->options & SSL_OP_NO_SSLv2) ? 0 : 1;
283		213
284	if (ssl2_compat && ssl23_no_ssl2_ciphers(s))
285	ssl2_compat = 0;
286
287	if (!(s->options & SSL_OP_NO_TLSv1))	214	if (!(s->options & SSL_OP_NO_TLSv1))
288	{	215	{
289	version = TLS1_VERSION;	216	version = TLS1_VERSION;
@@ -296,7 +223,7 @@ static int ssl23_client_hello(SSL *s)
296	{	223	{
297	version = SSL2_VERSION;	224	version = SSL2_VERSION;
298	}	225	}
299	#ifndef OPENSSL_NO_TLSEXT	226	#ifndef OPENSSL_NO_TLSEXT
300	if (version != SSL2_VERSION)	227	if (version != SSL2_VERSION)
301	{	228	{
302	/* have to disable SSL 2.0 compatibility if we need TLS extensions */	229	/* have to disable SSL 2.0 compatibility if we need TLS extensions */
@@ -305,10 +232,6 @@ static int ssl23_client_hello(SSL *s)
305	ssl2_compat = 0;	232	ssl2_compat = 0;
306	if (s->tlsext_status_type != -1)	233	if (s->tlsext_status_type != -1)
307	ssl2_compat = 0;	234	ssl2_compat = 0;
308	#ifdef TLSEXT_TYPE_opaque_prf_input
309	if (s->ctx->tlsext_opaque_prf_input_callback != 0 \|\| s->tlsext_opaque_prf_input != NULL)
310	ssl2_compat = 0;
311	#endif
312	}	235	}
313	#endif	236	#endif
314		237
@@ -334,6 +257,14 @@ static int ssl23_client_hello(SSL *s)
334	version_major = TLS1_VERSION_MAJOR;	257	version_major = TLS1_VERSION_MAJOR;
335	version_minor = TLS1_VERSION_MINOR;	258	version_minor = TLS1_VERSION_MINOR;
336	}	259	}
		260	#ifdef OPENSSL_FIPS
		261	else if(FIPS_mode())
		262	{
		263	SSLerr(SSL_F_SSL23_CLIENT_HELLO,
		264	SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
		265	return -1;
		266	}
		267	#endif
337	else if (version == SSL3_VERSION)	268	else if (version == SSL3_VERSION)
338	{	269	{
339	version_major = SSL3_VERSION_MAJOR;	270	version_major = SSL3_VERSION_MAJOR;
@@ -387,10 +318,6 @@ static int ssl23_client_hello(SSL *s)
387	ch_len=SSL2_MAX_CHALLENGE_LENGTH;	318	ch_len=SSL2_MAX_CHALLENGE_LENGTH;
388		319
389	/* write out sslv2 challenge */	320	/* write out sslv2 challenge */
390	/* Note that ch_len must be <= SSL3_RANDOM_SIZE (32),
391	because it is one of SSL2_MAX_CHALLENGE_LENGTH (32)
392	or SSL2_MAX_CHALLENGE_LENGTH (16), but leave the
393	check in for futurproofing */
394	if (SSL3_RANDOM_SIZE < ch_len)	321	if (SSL3_RANDOM_SIZE < ch_len)
395	i=SSL3_RANDOM_SIZE;	322	i=SSL3_RANDOM_SIZE;
396	else	323	else
@@ -441,11 +368,7 @@ static int ssl23_client_hello(SSL *s)
441	p+=i;	368	p+=i;
442		369
443	/* COMPRESSION */	370	/* COMPRESSION */
444	#ifdef OPENSSL_NO_COMP	371	if (s->ctx->comp_methods == NULL)
445	*(p++)=1;
446	#else
447	if ((s->options & SSL_OP_NO_COMPRESSION)
448	\|\| !s->ctx->comp_methods)
449	j=0;	372	j=0;
450	else	373	else
451	j=sk_SSL_COMP_num(s->ctx->comp_methods);	374	j=sk_SSL_COMP_num(s->ctx->comp_methods);
@@ -455,16 +378,8 @@ static int ssl23_client_hello(SSL *s)
455	comp=sk_SSL_COMP_value(s->ctx->comp_methods,i);	378	comp=sk_SSL_COMP_value(s->ctx->comp_methods,i);
456	*(p++)=comp->id;	379	*(p++)=comp->id;
457	}	380	}
458	#endif
459	(p++)=0; / Add the NULL method */	381	(p++)=0; / Add the NULL method */
460
461	#ifndef OPENSSL_NO_TLSEXT	382	#ifndef OPENSSL_NO_TLSEXT
462	/* TLS extensions*/
463	if (ssl_prepare_clienthello_tlsext(s) <= 0)
464	{
465	SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
466	return -1;
467	}
468	if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)	383	if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
469	{	384	{
470	SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);	385	SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
@@ -473,6 +388,7 @@ static int ssl23_client_hello(SSL *s)
473	#endif	388	#endif
474		389
475	l = p-d;	390	l = p-d;
		391	*p = 42;
476		392
477	/* fill in 4-byte handshake header */	393	/* fill in 4-byte handshake header */
478	d=&(buf[5]);	394	d=&(buf[5]);
@@ -567,10 +483,6 @@ static int ssl23_get_server_hello(SSL *s)
567	ch_len=SSL2_MAX_CHALLENGE_LENGTH;	483	ch_len=SSL2_MAX_CHALLENGE_LENGTH;
568		484
569	/* write out sslv2 challenge */	485	/* write out sslv2 challenge */
570	/* Note that ch_len must be <= SSL3_RANDOM_SIZE (32), because
571	it is one of SSL2_MAX_CHALLENGE_LENGTH (32) or
572	SSL2_MAX_CHALLENGE_LENGTH (16), but leave the check in for
573	futurproofing */
574	i=(SSL3_RANDOM_SIZE < ch_len)	486	i=(SSL3_RANDOM_SIZE < ch_len)
575	?SSL3_RANDOM_SIZE:ch_len;	487	?SSL3_RANDOM_SIZE:ch_len;
576	s->s2->challenge_length=i;	488	s->s2->challenge_length=i;
@@ -591,7 +503,7 @@ static int ssl23_get_server_hello(SSL *s)
591	/* use special padding (SSL 3.0 draft/RFC 2246, App. E.2) */	503	/* use special padding (SSL 3.0 draft/RFC 2246, App. E.2) */
592	s->s2->ssl2_rollback=1;	504	s->s2->ssl2_rollback=1;
593		505
594	/* setup the 7 bytes we have read so we get them from	506	/* setup the 5 bytes we have read so we get them from
595	* the sslv2 buffer */	507	* the sslv2 buffer */
596	s->rstate=SSL_ST_READ_HEADER;	508	s->rstate=SSL_ST_READ_HEADER;
597	s->packet_length=n;	509	s->packet_length=n;
@@ -607,16 +519,39 @@ static int ssl23_get_server_hello(SSL *s)
607	s->handshake_func=s->method->ssl_connect;	519	s->handshake_func=s->method->ssl_connect;
608	#endif	520	#endif
609	}	521	}
610	else if (p[1] == SSL3_VERSION_MAJOR &&	522	else if ((p[0] == SSL3_RT_HANDSHAKE) &&
611	(p[2] == SSL3_VERSION_MINOR \|\| p[2] == TLS1_VERSION_MINOR) &&	523	(p[1] == SSL3_VERSION_MAJOR) &&
612	((p[0] == SSL3_RT_HANDSHAKE && p[5] == SSL3_MT_SERVER_HELLO) \|\|	524	((p[2] == SSL3_VERSION_MINOR) \|\|
613	(p[0] == SSL3_RT_ALERT && p[3] == 0 && p[4] == 2)))	525	(p[2] == TLS1_VERSION_MINOR)) &&
		526	(p[5] == SSL3_MT_SERVER_HELLO))
614	{	527	{
615	/* we have sslv3 or tls1 (server hello or alert) */	528	/* we have sslv3 or tls1 */
		529
		530	if (!ssl_init_wbio_buffer(s,1)) goto err;
		531
		532	/* we are in this state */
		533	s->state=SSL3_ST_CR_SRVR_HELLO_A;
		534
		535	/* put the 5 bytes we have read into the input buffer
		536	* for SSLv3 */
		537	s->rstate=SSL_ST_READ_HEADER;
		538	s->packet_length=n;
		539	s->packet= &(s->s3->rbuf.buf[0]);
		540	memcpy(s->packet,buf,n);
		541	s->s3->rbuf.left=n;
		542	s->s3->rbuf.offset=0;
616		543
617	if ((p[2] == SSL3_VERSION_MINOR) &&	544	if ((p[2] == SSL3_VERSION_MINOR) &&
618	!(s->options & SSL_OP_NO_SSLv3))	545	!(s->options & SSL_OP_NO_SSLv3))
619	{	546	{
		547	#ifdef OPENSSL_FIPS
		548	if(FIPS_mode())
		549	{
		550	SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,
		551	SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
		552	goto err;
		553	}
		554	#endif
620	s->version=SSL3_VERSION;	555	s->version=SSL3_VERSION;
621	s->method=SSLv3_client_method();	556	s->method=SSLv3_client_method();
622	}	557	}
@@ -631,52 +566,35 @@ static int ssl23_get_server_hello(SSL *s)
631	SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);	566	SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
632	goto err;	567	goto err;
633	}	568	}
634
635	if (p[0] == SSL3_RT_ALERT && p[5] != SSL3_AL_WARNING)
636	{
637	/* fatal alert */
638
639	void (cb)(const SSL ssl,int type,int val)=NULL;
640	int j;
641
642	if (s->info_callback != NULL)
643	cb=s->info_callback;
644	else if (s->ctx->info_callback != NULL)
645	cb=s->ctx->info_callback;
646
647	i=p[5];
648	if (cb != NULL)
649	{
650	j=(i<<8)\|p[6];
651	cb(s,SSL_CB_READ_ALERT,j);
652	}
653		569
654	if (s->msg_callback)	570	s->handshake_func=s->method->ssl_connect;
655	s->msg_callback(0, s->version, SSL3_RT_ALERT, p+5, 2, s, s->msg_callback_arg);	571	}
656		572	else if ((p[0] == SSL3_RT_ALERT) &&
657	s->rwstate=SSL_NOTHING;	573	(p[1] == SSL3_VERSION_MAJOR) &&
658	SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_AD_REASON_OFFSET+p[6]);	574	((p[2] == SSL3_VERSION_MINOR) \|\|
659	goto err;	575	(p[2] == TLS1_VERSION_MINOR)) &&
		576	(p[3] == 0) &&
		577	(p[4] == 2))
		578	{
		579	void (cb)(const SSL ssl,int type,int val)=NULL;
		580	int j;
		581
		582	/* An alert */
		583	if (s->info_callback != NULL)
		584	cb=s->info_callback;
		585	else if (s->ctx->info_callback != NULL)
		586	cb=s->ctx->info_callback;
		587
		588	i=p[5];
		589	if (cb != NULL)
		590	{
		591	j=(i<<8)\|p[6];
		592	cb(s,SSL_CB_READ_ALERT,j);
660	}	593	}
661		594
662	if (!ssl_init_wbio_buffer(s,1)) goto err;	595	s->rwstate=SSL_NOTHING;
663		596	SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_AD_REASON_OFFSET+p[6]);
664	/* we are in this state */	597	goto err;
665	s->state=SSL3_ST_CR_SRVR_HELLO_A;
666
667	/* put the 7 bytes we have read into the input buffer
668	* for SSLv3 */
669	s->rstate=SSL_ST_READ_HEADER;
670	s->packet_length=n;
671	if (s->s3->rbuf.buf == NULL)
672	if (!ssl3_setup_read_buffer(s))
673	goto err;
674	s->packet= &(s->s3->rbuf.buf[0]);
675	memcpy(s->packet,buf,n);
676	s->s3->rbuf.left=n;
677	s->s3->rbuf.offset=0;
678
679	s->handshake_func=s->method->ssl_connect;
680	}	598	}
681	else	599	else
682	{	600	{
@@ -694,3 +612,4 @@ static int ssl23_get_server_hello(SSL *s)
694	err:	612	err:
695	return(-1);	613	return(-1);
696	}	614	}
		615