summaryrefslogtreecommitdiff
path: root/src/lib/libssl/s23_srvr.c
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libssl/s23_srvr.c72
1 files changed, 38 insertions, 34 deletions
diff --git a/src/lib/libssl/s23_srvr.c b/src/lib/libssl/s23_srvr.c
index c7b9ecbcf2..e4122f2d78 100644
--- a/src/lib/libssl/s23_srvr.c
+++ b/src/lib/libssl/s23_srvr.c
@@ -57,26 +57,19 @@
57 */ 57 */
58 58
59#include <stdio.h> 59#include <stdio.h>
60#include "buffer.h" 60#include <openssl/buffer.h>
61#include "rand.h" 61#include <openssl/rand.h>
62#include "objects.h" 62#include <openssl/objects.h>
63#include "evp.h" 63#include <openssl/evp.h>
64#include "ssl_locl.h" 64#include "ssl_locl.h"
65 65
66#define BREAK break 66static SSL_METHOD *ssl23_get_server_method(int ver);
67
68#ifndef NOPROTO
69int ssl23_get_client_hello(SSL *s); 67int ssl23_get_client_hello(SSL *s);
70#else 68static SSL_METHOD *ssl23_get_server_method(int ver)
71int ssl23_get_client_hello();
72#endif
73
74static SSL_METHOD *ssl23_get_server_method(ver)
75int ver;
76 { 69 {
77 if (ver == SSL2_VERSION) 70 if (ver == SSL2_VERSION)
78 return(SSLv2_server_method()); 71 return(SSLv2_server_method());
79 else if (ver == SSL3_VERSION) 72 if (ver == SSL3_VERSION)
80 return(SSLv3_server_method()); 73 return(SSLv3_server_method());
81 else if (ver == TLS1_VERSION) 74 else if (ver == TLS1_VERSION)
82 return(TLSv1_server_method()); 75 return(TLSv1_server_method());
@@ -84,24 +77,23 @@ int ver;
84 return(NULL); 77 return(NULL);
85 } 78 }
86 79
87SSL_METHOD *SSLv23_server_method() 80SSL_METHOD *SSLv23_server_method(void)
88 { 81 {
89 static int init=1; 82 static int init=1;
90 static SSL_METHOD SSLv23_server_data; 83 static SSL_METHOD SSLv23_server_data;
91 84
92 if (init) 85 if (init)
93 { 86 {
94 init=0;
95 memcpy((char *)&SSLv23_server_data, 87 memcpy((char *)&SSLv23_server_data,
96 (char *)sslv23_base_method(),sizeof(SSL_METHOD)); 88 (char *)sslv23_base_method(),sizeof(SSL_METHOD));
97 SSLv23_server_data.ssl_accept=ssl23_accept; 89 SSLv23_server_data.ssl_accept=ssl23_accept;
98 SSLv23_server_data.get_ssl_method=ssl23_get_server_method; 90 SSLv23_server_data.get_ssl_method=ssl23_get_server_method;
91 init=0;
99 } 92 }
100 return(&SSLv23_server_data); 93 return(&SSLv23_server_data);
101 } 94 }
102 95
103int ssl23_accept(s) 96int ssl23_accept(SSL *s)
104SSL *s;
105 { 97 {
106 BUF_MEM *buf; 98 BUF_MEM *buf;
107 unsigned long Time=time(NULL); 99 unsigned long Time=time(NULL);
@@ -109,7 +101,7 @@ SSL *s;
109 int ret= -1; 101 int ret= -1;
110 int new_state,state; 102 int new_state,state;
111 103
112 RAND_seed((unsigned char *)&Time,sizeof(Time)); 104 RAND_seed(&Time,sizeof(Time));
113 ERR_clear_error(); 105 ERR_clear_error();
114 clear_sys_error(); 106 clear_sys_error();
115 107
@@ -132,6 +124,7 @@ SSL *s;
132 case SSL_ST_BEFORE|SSL_ST_ACCEPT: 124 case SSL_ST_BEFORE|SSL_ST_ACCEPT:
133 case SSL_ST_OK|SSL_ST_ACCEPT: 125 case SSL_ST_OK|SSL_ST_ACCEPT:
134 126
127 s->server=1;
135 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); 128 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
136 129
137 /* s->version=SSL3_VERSION; */ 130 /* s->version=SSL3_VERSION; */
@@ -155,7 +148,7 @@ SSL *s;
155 ssl3_init_finished_mac(s); 148 ssl3_init_finished_mac(s);
156 149
157 s->state=SSL23_ST_SR_CLNT_HELLO_A; 150 s->state=SSL23_ST_SR_CLNT_HELLO_A;
158 s->ctx->sess_accept++; 151 s->ctx->stats.sess_accept++;
159 s->init_num=0; 152 s->init_num=0;
160 break; 153 break;
161 154
@@ -166,7 +159,7 @@ SSL *s;
166 ret=ssl23_get_client_hello(s); 159 ret=ssl23_get_client_hello(s);
167 if (ret >= 0) cb=NULL; 160 if (ret >= 0) cb=NULL;
168 goto end; 161 goto end;
169 break; 162 /* break; */
170 163
171 default: 164 default:
172 SSLerr(SSL_F_SSL23_ACCEPT,SSL_R_UNKNOWN_STATE); 165 SSLerr(SSL_F_SSL23_ACCEPT,SSL_R_UNKNOWN_STATE);
@@ -191,8 +184,7 @@ end:
191 } 184 }
192 185
193 186
194int ssl23_get_client_hello(s) 187int ssl23_get_client_hello(SSL *s)
195SSL *s;
196 { 188 {
197 char buf_space[8]; 189 char buf_space[8];
198 char *buf= &(buf_space[0]); 190 char *buf= &(buf_space[0]);
@@ -201,14 +193,16 @@ SSL *s;
201 unsigned int csl,sil,cl; 193 unsigned int csl,sil,cl;
202 int n=0,j,tls1=0; 194 int n=0,j,tls1=0;
203 int type=0,use_sslv2_strong=0; 195 int type=0,use_sslv2_strong=0;
196 int v[2];
204 197
205 /* read the initial header */ 198 /* read the initial header */
199 v[0]=v[1]=0;
206 if (s->state == SSL23_ST_SR_CLNT_HELLO_A) 200 if (s->state == SSL23_ST_SR_CLNT_HELLO_A)
207 { 201 {
208 if (!ssl3_setup_buffers(s)) goto err; 202 if (!ssl3_setup_buffers(s)) goto err;
209 203
210 n=ssl23_read_bytes(s,7); 204 n=ssl23_read_bytes(s,7);
211 if (n != 7) return(n); 205 if (n != 7) return(n); /* n == -1 || n == 0 */
212 206
213 p=s->packet; 207 p=s->packet;
214 208
@@ -219,12 +213,14 @@ SSL *s;
219 /* SSLv2 header */ 213 /* SSLv2 header */
220 if ((p[3] == 0x00) && (p[4] == 0x02)) 214 if ((p[3] == 0x00) && (p[4] == 0x02))
221 { 215 {
216 v[0]=p[3]; v[1]=p[4];
222 /* SSLv2 */ 217 /* SSLv2 */
223 if (!(s->options & SSL_OP_NO_SSLv2)) 218 if (!(s->options & SSL_OP_NO_SSLv2))
224 type=1; 219 type=1;
225 } 220 }
226 else if (p[3] == SSL3_VERSION_MAJOR) 221 else if (p[3] == SSL3_VERSION_MAJOR)
227 { 222 {
223 v[0]=p[3]; v[1]=p[4];
228 /* SSLv3/TLSv1 */ 224 /* SSLv3/TLSv1 */
229 if (p[4] >= TLS1_VERSION_MINOR) 225 if (p[4] >= TLS1_VERSION_MINOR)
230 { 226 {
@@ -237,13 +233,19 @@ SSL *s;
237 { 233 {
238 s->state=SSL23_ST_SR_CLNT_HELLO_B; 234 s->state=SSL23_ST_SR_CLNT_HELLO_B;
239 } 235 }
236 else if (!(s->options & SSL_OP_NO_SSLv2))
237 {
238 type=1;
239 }
240 } 240 }
241 else if (!(s->options & SSL_OP_NO_SSLv3)) 241 else if (!(s->options & SSL_OP_NO_SSLv3))
242 s->state=SSL23_ST_SR_CLNT_HELLO_B; 242 s->state=SSL23_ST_SR_CLNT_HELLO_B;
243 else if (!(s->options & SSL_OP_NO_SSLv2))
244 type=1;
243 245
244 if (s->options & SSL_OP_NON_EXPORT_FIRST) 246 if (s->options & SSL_OP_NON_EXPORT_FIRST)
245 { 247 {
246 STACK *sk; 248 STACK_OF(SSL_CIPHER) *sk;
247 SSL_CIPHER *c; 249 SSL_CIPHER *c;
248 int ne2,ne3; 250 int ne2,ne3;
249 251
@@ -274,10 +276,10 @@ SSL *s;
274 if (sk != NULL) 276 if (sk != NULL)
275 { 277 {
276 ne2=ne3=0; 278 ne2=ne3=0;
277 for (j=0; j<sk_num(sk); j++) 279 for (j=0; j<sk_SSL_CIPHER_num(sk); j++)
278 { 280 {
279 c=(SSL_CIPHER *)sk_value(sk,j); 281 c=sk_SSL_CIPHER_value(sk,j);
280 if (!(c->algorithms & SSL_EXP)) 282 if (!SSL_C_IS_EXPORT(c))
281 { 283 {
282 if ((c->id>>24L) == 2L) 284 if ((c->id>>24L) == 2L)
283 ne2=1; 285 ne2=1;
@@ -299,6 +301,7 @@ SSL *s;
299 (p[1] == SSL3_VERSION_MAJOR) && 301 (p[1] == SSL3_VERSION_MAJOR) &&
300 (p[5] == SSL3_MT_CLIENT_HELLO)) 302 (p[5] == SSL3_MT_CLIENT_HELLO))
301 { 303 {
304 v[0]=p[1]; v[1]=p[2];
302 /* true SSLv3 or tls1 */ 305 /* true SSLv3 or tls1 */
303 if (p[2] >= TLS1_VERSION_MINOR) 306 if (p[2] >= TLS1_VERSION_MINOR)
304 { 307 {
@@ -313,15 +316,15 @@ SSL *s;
313 else if (!(s->options & SSL_OP_NO_SSLv3)) 316 else if (!(s->options & SSL_OP_NO_SSLv3))
314 type=3; 317 type=3;
315 } 318 }
316 else if ((strncmp("GET ", p,4) == 0) || 319 else if ((strncmp("GET ", (char *)p,4) == 0) ||
317 (strncmp("POST ",p,5) == 0) || 320 (strncmp("POST ",(char *)p,5) == 0) ||
318 (strncmp("HEAD ",p,5) == 0) || 321 (strncmp("HEAD ",(char *)p,5) == 0) ||
319 (strncmp("PUT ", p,4) == 0)) 322 (strncmp("PUT ", (char *)p,4) == 0))
320 { 323 {
321 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTP_REQUEST); 324 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTP_REQUEST);
322 goto err; 325 goto err;
323 } 326 }
324 else if (strncmp("CONNECT",p,7) == 0) 327 else if (strncmp("CONNECT",(char *)p,7) == 0)
325 { 328 {
326 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTPS_PROXY_REQUEST); 329 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTPS_PROXY_REQUEST);
327 goto err; 330 goto err;
@@ -387,7 +390,7 @@ next_bit:
387 } 390 }
388 s2n(j,dd); 391 s2n(j,dd);
389 392
390 /* compression */ 393 /* COMPRESSION */
391 *(d++)=1; 394 *(d++)=1;
392 *(d++)=0; 395 *(d++)=0;
393 396
@@ -478,6 +481,7 @@ next_bit:
478 s->version=SSL3_VERSION; 481 s->version=SSL3_VERSION;
479 s->method=SSLv3_server_method(); 482 s->method=SSLv3_server_method();
480 } 483 }
484 s->client_version=(v[0]<<8)|v[1];
481 s->handshake_func=s->method->ssl_accept; 485 s->handshake_func=s->method->ssl_accept;
482 } 486 }
483 487
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-22 07:28:47 +0000