summaryrefslogtreecommitdiff
path: root/src/lib/libssl/s23_clnt.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/s23_clnt.c')
-rw-r--r--src/lib/libssl/s23_clnt.c221
1 files changed, 151 insertions, 70 deletions
diff --git a/src/lib/libssl/s23_clnt.c b/src/lib/libssl/s23_clnt.c
index bc918170e1..c4d8bf2eb3 100644
--- a/src/lib/libssl/s23_clnt.c
+++ b/src/lib/libssl/s23_clnt.c
@@ -55,6 +55,59 @@
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58/* ====================================================================
59 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
58 111
59#include <stdio.h> 112#include <stdio.h>
60#include "ssl_locl.h" 113#include "ssl_locl.h"
@@ -63,10 +116,10 @@
63#include <openssl/objects.h> 116#include <openssl/objects.h>
64#include <openssl/evp.h> 117#include <openssl/evp.h>
65 118
66static SSL_METHOD *ssl23_get_client_method(int ver); 119static const SSL_METHOD *ssl23_get_client_method(int ver);
67static int ssl23_client_hello(SSL *s); 120static int ssl23_client_hello(SSL *s);
68static int ssl23_get_server_hello(SSL *s); 121static int ssl23_get_server_hello(SSL *s);
69static SSL_METHOD *ssl23_get_client_method(int ver) 122static const SSL_METHOD *ssl23_get_client_method(int ver)
70 { 123 {
71#ifndef OPENSSL_NO_SSL2 124#ifndef OPENSSL_NO_SSL2
72 if (ver == SSL2_VERSION) 125 if (ver == SSL2_VERSION)
@@ -197,20 +250,40 @@ end:
197 return(ret); 250 return(ret);
198 } 251 }
199 252
253static int ssl23_no_ssl2_ciphers(SSL *s)
254 {
255 SSL_CIPHER *cipher;
256 STACK_OF(SSL_CIPHER) *ciphers;
257 int i;
258 ciphers = SSL_get_ciphers(s);
259 for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++)
260 {
261 cipher = sk_SSL_CIPHER_value(ciphers, i);
262 if (cipher->algorithm_ssl == SSL_SSLV2)
263 return 0;
264 }
265 return 1;
266 }
200 267
201static int ssl23_client_hello(SSL *s) 268static int ssl23_client_hello(SSL *s)
202 { 269 {
203 unsigned char *buf; 270 unsigned char *buf;
204 unsigned char *p,*d; 271 unsigned char *p,*d;
205 int i,j,ch_len; 272 int i,ch_len;
206 unsigned long Time,l; 273 unsigned long Time,l;
207 int ssl2_compat; 274 int ssl2_compat;
208 int version = 0, version_major, version_minor; 275 int version = 0, version_major, version_minor;
276#ifndef OPENSSL_NO_COMP
277 int j;
209 SSL_COMP *comp; 278 SSL_COMP *comp;
279#endif
210 int ret; 280 int ret;
211 281
212 ssl2_compat = (s->options & SSL_OP_NO_SSLv2) ? 0 : 1; 282 ssl2_compat = (s->options & SSL_OP_NO_SSLv2) ? 0 : 1;
213 283
284 if (ssl2_compat && ssl23_no_ssl2_ciphers(s))
285 ssl2_compat = 0;
286
214 if (!(s->options & SSL_OP_NO_TLSv1)) 287 if (!(s->options & SSL_OP_NO_TLSv1))
215 { 288 {
216 version = TLS1_VERSION; 289 version = TLS1_VERSION;
@@ -223,7 +296,7 @@ static int ssl23_client_hello(SSL *s)
223 { 296 {
224 version = SSL2_VERSION; 297 version = SSL2_VERSION;
225 } 298 }
226#ifndef OPENSSL_NO_TLSEXT 299#ifndef OPENSSL_NO_TLSEXT
227 if (version != SSL2_VERSION) 300 if (version != SSL2_VERSION)
228 { 301 {
229 /* have to disable SSL 2.0 compatibility if we need TLS extensions */ 302 /* have to disable SSL 2.0 compatibility if we need TLS extensions */
@@ -232,6 +305,10 @@ static int ssl23_client_hello(SSL *s)
232 ssl2_compat = 0; 305 ssl2_compat = 0;
233 if (s->tlsext_status_type != -1) 306 if (s->tlsext_status_type != -1)
234 ssl2_compat = 0; 307 ssl2_compat = 0;
308#ifdef TLSEXT_TYPE_opaque_prf_input
309 if (s->ctx->tlsext_opaque_prf_input_callback != 0 || s->tlsext_opaque_prf_input != NULL)
310 ssl2_compat = 0;
311#endif
235 } 312 }
236#endif 313#endif
237 314
@@ -257,14 +334,6 @@ static int ssl23_client_hello(SSL *s)
257 version_major = TLS1_VERSION_MAJOR; 334 version_major = TLS1_VERSION_MAJOR;
258 version_minor = TLS1_VERSION_MINOR; 335 version_minor = TLS1_VERSION_MINOR;
259 } 336 }
260#ifdef OPENSSL_FIPS
261 else if(FIPS_mode())
262 {
263 SSLerr(SSL_F_SSL23_CLIENT_HELLO,
264 SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
265 return -1;
266 }
267#endif
268 else if (version == SSL3_VERSION) 337 else if (version == SSL3_VERSION)
269 { 338 {
270 version_major = SSL3_VERSION_MAJOR; 339 version_major = SSL3_VERSION_MAJOR;
@@ -318,6 +387,10 @@ static int ssl23_client_hello(SSL *s)
318 ch_len=SSL2_MAX_CHALLENGE_LENGTH; 387 ch_len=SSL2_MAX_CHALLENGE_LENGTH;
319 388
320 /* write out sslv2 challenge */ 389 /* write out sslv2 challenge */
390 /* Note that ch_len must be <= SSL3_RANDOM_SIZE (32),
391 because it is one of SSL2_MAX_CHALLENGE_LENGTH (32)
392 or SSL2_MAX_CHALLENGE_LENGTH (16), but leave the
393 check in for futurproofing */
321 if (SSL3_RANDOM_SIZE < ch_len) 394 if (SSL3_RANDOM_SIZE < ch_len)
322 i=SSL3_RANDOM_SIZE; 395 i=SSL3_RANDOM_SIZE;
323 else 396 else
@@ -368,7 +441,11 @@ static int ssl23_client_hello(SSL *s)
368 p+=i; 441 p+=i;
369 442
370 /* COMPRESSION */ 443 /* COMPRESSION */
371 if (s->ctx->comp_methods == NULL) 444#ifdef OPENSSL_NO_COMP
445 *(p++)=1;
446#else
447 if ((s->options & SSL_OP_NO_COMPRESSION)
448 || !s->ctx->comp_methods)
372 j=0; 449 j=0;
373 else 450 else
374 j=sk_SSL_COMP_num(s->ctx->comp_methods); 451 j=sk_SSL_COMP_num(s->ctx->comp_methods);
@@ -378,8 +455,16 @@ static int ssl23_client_hello(SSL *s)
378 comp=sk_SSL_COMP_value(s->ctx->comp_methods,i); 455 comp=sk_SSL_COMP_value(s->ctx->comp_methods,i);
379 *(p++)=comp->id; 456 *(p++)=comp->id;
380 } 457 }
458#endif
381 *(p++)=0; /* Add the NULL method */ 459 *(p++)=0; /* Add the NULL method */
460
382#ifndef OPENSSL_NO_TLSEXT 461#ifndef OPENSSL_NO_TLSEXT
462 /* TLS extensions*/
463 if (ssl_prepare_clienthello_tlsext(s) <= 0)
464 {
465 SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
466 return -1;
467 }
383 if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) 468 if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
384 { 469 {
385 SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR); 470 SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
@@ -388,7 +473,6 @@ static int ssl23_client_hello(SSL *s)
388#endif 473#endif
389 474
390 l = p-d; 475 l = p-d;
391 *p = 42;
392 476
393 /* fill in 4-byte handshake header */ 477 /* fill in 4-byte handshake header */
394 d=&(buf[5]); 478 d=&(buf[5]);
@@ -483,6 +567,10 @@ static int ssl23_get_server_hello(SSL *s)
483 ch_len=SSL2_MAX_CHALLENGE_LENGTH; 567 ch_len=SSL2_MAX_CHALLENGE_LENGTH;
484 568
485 /* write out sslv2 challenge */ 569 /* write out sslv2 challenge */
570 /* Note that ch_len must be <= SSL3_RANDOM_SIZE (32), because
571 it is one of SSL2_MAX_CHALLENGE_LENGTH (32) or
572 SSL2_MAX_CHALLENGE_LENGTH (16), but leave the check in for
573 futurproofing */
486 i=(SSL3_RANDOM_SIZE < ch_len) 574 i=(SSL3_RANDOM_SIZE < ch_len)
487 ?SSL3_RANDOM_SIZE:ch_len; 575 ?SSL3_RANDOM_SIZE:ch_len;
488 s->s2->challenge_length=i; 576 s->s2->challenge_length=i;
@@ -503,7 +591,7 @@ static int ssl23_get_server_hello(SSL *s)
503 /* use special padding (SSL 3.0 draft/RFC 2246, App. E.2) */ 591 /* use special padding (SSL 3.0 draft/RFC 2246, App. E.2) */
504 s->s2->ssl2_rollback=1; 592 s->s2->ssl2_rollback=1;
505 593
506 /* setup the 5 bytes we have read so we get them from 594 /* setup the 7 bytes we have read so we get them from
507 * the sslv2 buffer */ 595 * the sslv2 buffer */
508 s->rstate=SSL_ST_READ_HEADER; 596 s->rstate=SSL_ST_READ_HEADER;
509 s->packet_length=n; 597 s->packet_length=n;
@@ -519,39 +607,16 @@ static int ssl23_get_server_hello(SSL *s)
519 s->handshake_func=s->method->ssl_connect; 607 s->handshake_func=s->method->ssl_connect;
520#endif 608#endif
521 } 609 }
522 else if ((p[0] == SSL3_RT_HANDSHAKE) && 610 else if (p[1] == SSL3_VERSION_MAJOR &&
523 (p[1] == SSL3_VERSION_MAJOR) && 611 (p[2] == SSL3_VERSION_MINOR || p[2] == TLS1_VERSION_MINOR) &&
524 ((p[2] == SSL3_VERSION_MINOR) || 612 ((p[0] == SSL3_RT_HANDSHAKE && p[5] == SSL3_MT_SERVER_HELLO) ||
525 (p[2] == TLS1_VERSION_MINOR)) && 613 (p[0] == SSL3_RT_ALERT && p[3] == 0 && p[4] == 2)))
526 (p[5] == SSL3_MT_SERVER_HELLO))
527 { 614 {
528 /* we have sslv3 or tls1 */ 615 /* we have sslv3 or tls1 (server hello or alert) */
529
530 if (!ssl_init_wbio_buffer(s,1)) goto err;
531
532 /* we are in this state */
533 s->state=SSL3_ST_CR_SRVR_HELLO_A;
534
535 /* put the 5 bytes we have read into the input buffer
536 * for SSLv3 */
537 s->rstate=SSL_ST_READ_HEADER;
538 s->packet_length=n;
539 s->packet= &(s->s3->rbuf.buf[0]);
540 memcpy(s->packet,buf,n);
541 s->s3->rbuf.left=n;
542 s->s3->rbuf.offset=0;
543 616
544 if ((p[2] == SSL3_VERSION_MINOR) && 617 if ((p[2] == SSL3_VERSION_MINOR) &&
545 !(s->options & SSL_OP_NO_SSLv3)) 618 !(s->options & SSL_OP_NO_SSLv3))
546 { 619 {
547#ifdef OPENSSL_FIPS
548 if(FIPS_mode())
549 {
550 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,
551 SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
552 goto err;
553 }
554#endif
555 s->version=SSL3_VERSION; 620 s->version=SSL3_VERSION;
556 s->method=SSLv3_client_method(); 621 s->method=SSLv3_client_method();
557 } 622 }
@@ -566,35 +631,52 @@ static int ssl23_get_server_hello(SSL *s)
566 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL); 631 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
567 goto err; 632 goto err;
568 } 633 }
569 634
570 s->handshake_func=s->method->ssl_connect; 635 if (p[0] == SSL3_RT_ALERT && p[5] != SSL3_AL_WARNING)
571 }
572 else if ((p[0] == SSL3_RT_ALERT) &&
573 (p[1] == SSL3_VERSION_MAJOR) &&
574 ((p[2] == SSL3_VERSION_MINOR) ||
575 (p[2] == TLS1_VERSION_MINOR)) &&
576 (p[3] == 0) &&
577 (p[4] == 2))
578 {
579 void (*cb)(const SSL *ssl,int type,int val)=NULL;
580 int j;
581
582 /* An alert */
583 if (s->info_callback != NULL)
584 cb=s->info_callback;
585 else if (s->ctx->info_callback != NULL)
586 cb=s->ctx->info_callback;
587
588 i=p[5];
589 if (cb != NULL)
590 { 636 {
591 j=(i<<8)|p[6]; 637 /* fatal alert */
592 cb(s,SSL_CB_READ_ALERT,j); 638
639 void (*cb)(const SSL *ssl,int type,int val)=NULL;
640 int j;
641
642 if (s->info_callback != NULL)
643 cb=s->info_callback;
644 else if (s->ctx->info_callback != NULL)
645 cb=s->ctx->info_callback;
646
647 i=p[5];
648 if (cb != NULL)
649 {
650 j=(i<<8)|p[6];
651 cb(s,SSL_CB_READ_ALERT,j);
652 }
653
654 if (s->msg_callback)
655 s->msg_callback(0, s->version, SSL3_RT_ALERT, p+5, 2, s, s->msg_callback_arg);
656
657 s->rwstate=SSL_NOTHING;
658 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_AD_REASON_OFFSET+p[6]);
659 goto err;
593 } 660 }
594 661
595 s->rwstate=SSL_NOTHING; 662 if (!ssl_init_wbio_buffer(s,1)) goto err;
596 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_AD_REASON_OFFSET+p[6]); 663
597 goto err; 664 /* we are in this state */
665 s->state=SSL3_ST_CR_SRVR_HELLO_A;
666
667 /* put the 7 bytes we have read into the input buffer
668 * for SSLv3 */
669 s->rstate=SSL_ST_READ_HEADER;
670 s->packet_length=n;
671 if (s->s3->rbuf.buf == NULL)
672 if (!ssl3_setup_read_buffer(s))
673 goto err;
674 s->packet= &(s->s3->rbuf.buf[0]);
675 memcpy(s->packet,buf,n);
676 s->s3->rbuf.left=n;
677 s->s3->rbuf.offset=0;
678
679 s->handshake_func=s->method->ssl_connect;
598 } 680 }
599 else 681 else
600 { 682 {
@@ -612,4 +694,3 @@ static int ssl23_get_server_hello(SSL *s)
612err: 694err:
613 return(-1); 695 return(-1);
614 } 696 }
615
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 15:06:43 +0000