]>
Commit | Line | Data |
---|---|---|
d02b48c6 | 1 | /* ssl/s23_srvr.c */ |
58964a49 | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
d02b48c6 RE |
3 | * All rights reserved. |
4 | * | |
5 | * This package is an SSL implementation written | |
6 | * by Eric Young (eay@cryptsoft.com). | |
7 | * The implementation was written so as to conform with Netscapes SSL. | |
0f113f3e | 8 | * |
d02b48c6 RE |
9 | * This library is free for commercial and non-commercial use as long as |
10 | * the following conditions are aheared to. The following conditions | |
11 | * apply to all code found in this distribution, be it the RC4, RSA, | |
12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | |
13 | * included with this distribution is covered by the same copyright terms | |
14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | |
0f113f3e | 15 | * |
d02b48c6 RE |
16 | * Copyright remains Eric Young's, and as such any Copyright notices in |
17 | * the code are not to be removed. | |
18 | * If this package is used in a product, Eric Young should be given attribution | |
19 | * as the author of the parts of the library used. | |
20 | * This can be in the form of a textual message at program startup or | |
21 | * in documentation (online or textual) provided with the package. | |
0f113f3e | 22 | * |
d02b48c6 RE |
23 | * Redistribution and use in source and binary forms, with or without |
24 | * modification, are permitted provided that the following conditions | |
25 | * are met: | |
26 | * 1. Redistributions of source code must retain the copyright | |
27 | * notice, this list of conditions and the following disclaimer. | |
28 | * 2. Redistributions in binary form must reproduce the above copyright | |
29 | * notice, this list of conditions and the following disclaimer in the | |
30 | * documentation and/or other materials provided with the distribution. | |
31 | * 3. All advertising materials mentioning features or use of this software | |
32 | * must display the following acknowledgement: | |
33 | * "This product includes cryptographic software written by | |
34 | * Eric Young (eay@cryptsoft.com)" | |
35 | * The word 'cryptographic' can be left out if the rouines from the library | |
36 | * being used are not cryptographic related :-). | |
0f113f3e | 37 | * 4. If you include any Windows specific code (or a derivative thereof) from |
d02b48c6 RE |
38 | * the apps directory (application code) you must include an acknowledgement: |
39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | |
0f113f3e | 40 | * |
d02b48c6 RE |
41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |
45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
51 | * SUCH DAMAGE. | |
0f113f3e | 52 | * |
d02b48c6 RE |
53 | * The licence and distribution terms for any publically available version or |
54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | |
55 | * copied and put under another distribution licence | |
56 | * [including the GNU Public Licence.] | |
57 | */ | |
a661b653 | 58 | /* ==================================================================== |
f1fd4544 | 59 | * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. |
a661b653 BM |
60 | * |
61 | * Redistribution and use in source and binary forms, with or without | |
62 | * modification, are permitted provided that the following conditions | |
63 | * are met: | |
64 | * | |
65 | * 1. Redistributions of source code must retain the above copyright | |
0f113f3e | 66 | * notice, this list of conditions and the following disclaimer. |
a661b653 BM |
67 | * |
68 | * 2. Redistributions in binary form must reproduce the above copyright | |
69 | * notice, this list of conditions and the following disclaimer in | |
70 | * the documentation and/or other materials provided with the | |
71 | * distribution. | |
72 | * | |
73 | * 3. All advertising materials mentioning features or use of this | |
74 | * software must display the following acknowledgment: | |
75 | * "This product includes software developed by the OpenSSL Project | |
76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | |
77 | * | |
78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
79 | * endorse or promote products derived from this software without | |
80 | * prior written permission. For written permission, please contact | |
81 | * openssl-core@openssl.org. | |
82 | * | |
83 | * 5. Products derived from this software may not be called "OpenSSL" | |
84 | * nor may "OpenSSL" appear in their names without prior written | |
85 | * permission of the OpenSSL Project. | |
86 | * | |
87 | * 6. Redistributions of any form whatsoever must retain the following | |
88 | * acknowledgment: | |
89 | * "This product includes software developed by the OpenSSL Project | |
90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | |
91 | * | |
92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | |
104 | * ==================================================================== | |
105 | * | |
106 | * This product includes cryptographic software written by Eric Young | |
107 | * (eay@cryptsoft.com). This product includes software written by Tim | |
108 | * Hudson (tjh@cryptsoft.com). | |
109 | * | |
110 | */ | |
d02b48c6 RE |
111 | |
112 | #include <stdio.h> | |
7b63c0fa | 113 | #include "ssl_locl.h" |
ec577822 BM |
114 | #include <openssl/buffer.h> |
115 | #include <openssl/rand.h> | |
116 | #include <openssl/objects.h> | |
117 | #include <openssl/evp.h> | |
d02b48c6 | 118 | |
4ebb342f | 119 | static const SSL_METHOD *ssl23_get_server_method(int ver); |
d02b48c6 | 120 | int ssl23_get_client_hello(SSL *s); |
4ebb342f | 121 | static const SSL_METHOD *ssl23_get_server_method(int ver) |
0f113f3e | 122 | { |
62f45cc2 | 123 | #ifndef OPENSSL_NO_SSL3 |
0f113f3e MC |
124 | if (ver == SSL3_VERSION) |
125 | return (SSLv3_server_method()); | |
62f45cc2 | 126 | #endif |
0f113f3e MC |
127 | if (ver == TLS1_VERSION) |
128 | return (TLSv1_server_method()); | |
129 | else if (ver == TLS1_1_VERSION) | |
130 | return (TLSv1_1_server_method()); | |
131 | else if (ver == TLS1_2_VERSION) | |
132 | return (TLSv1_2_server_method()); | |
133 | else | |
134 | return (NULL); | |
135 | } | |
d02b48c6 | 136 | |
f3b656b2 | 137 | IMPLEMENT_ssl23_meth_func(SSLv23_server_method, |
0f113f3e MC |
138 | ssl23_accept, |
139 | ssl_undefined_function, ssl23_get_server_method) | |
d02b48c6 | 140 | |
6b691a5c | 141 | int ssl23_accept(SSL *s) |
0f113f3e MC |
142 | { |
143 | BUF_MEM *buf; | |
144 | unsigned long Time = (unsigned long)time(NULL); | |
145 | void (*cb) (const SSL *ssl, int type, int val) = NULL; | |
146 | int ret = -1; | |
147 | int new_state, state; | |
148 | ||
149 | RAND_add(&Time, sizeof(Time), 0); | |
150 | ERR_clear_error(); | |
151 | clear_sys_error(); | |
152 | ||
153 | if (s->info_callback != NULL) | |
154 | cb = s->info_callback; | |
155 | else if (s->ctx->info_callback != NULL) | |
156 | cb = s->ctx->info_callback; | |
157 | ||
158 | s->in_handshake++; | |
159 | if (!SSL_in_init(s) || SSL_in_before(s)) | |
160 | SSL_clear(s); | |
161 | ||
162 | for (;;) { | |
163 | state = s->state; | |
164 | ||
165 | switch (s->state) { | |
166 | case SSL_ST_BEFORE: | |
167 | case SSL_ST_ACCEPT: | |
168 | case SSL_ST_BEFORE | SSL_ST_ACCEPT: | |
169 | case SSL_ST_OK | SSL_ST_ACCEPT: | |
170 | ||
171 | s->server = 1; | |
172 | if (cb != NULL) | |
173 | cb(s, SSL_CB_HANDSHAKE_START, 1); | |
174 | ||
175 | /* s->version=SSL3_VERSION; */ | |
176 | s->type = SSL_ST_ACCEPT; | |
177 | ||
178 | if (s->init_buf == NULL) { | |
179 | if ((buf = BUF_MEM_new()) == NULL) { | |
180 | ret = -1; | |
181 | goto end; | |
182 | } | |
183 | if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) { | |
184 | BUF_MEM_free(buf); | |
185 | ret = -1; | |
186 | goto end; | |
187 | } | |
188 | s->init_buf = buf; | |
189 | } | |
190 | ||
191 | ssl3_init_finished_mac(s); | |
192 | ||
193 | s->state = SSL23_ST_SR_CLNT_HELLO_A; | |
194 | s->ctx->stats.sess_accept++; | |
195 | s->init_num = 0; | |
196 | break; | |
197 | ||
198 | case SSL23_ST_SR_CLNT_HELLO_A: | |
199 | case SSL23_ST_SR_CLNT_HELLO_B: | |
200 | ||
201 | s->shutdown = 0; | |
202 | ret = ssl23_get_client_hello(s); | |
203 | if (ret >= 0) | |
204 | cb = NULL; | |
205 | goto end; | |
206 | /* break; */ | |
207 | ||
208 | default: | |
209 | SSLerr(SSL_F_SSL23_ACCEPT, SSL_R_UNKNOWN_STATE); | |
210 | ret = -1; | |
211 | goto end; | |
212 | /* break; */ | |
213 | } | |
214 | ||
215 | if ((cb != NULL) && (s->state != state)) { | |
216 | new_state = s->state; | |
217 | s->state = state; | |
218 | cb(s, SSL_CB_ACCEPT_LOOP, 1); | |
219 | s->state = new_state; | |
220 | } | |
221 | } | |
222 | end: | |
223 | s->in_handshake--; | |
224 | if (cb != NULL) | |
225 | cb(s, SSL_CB_ACCEPT_EXIT, ret); | |
226 | return (ret); | |
227 | } | |
d02b48c6 | 228 | |
6b691a5c | 229 | int ssl23_get_client_hello(SSL *s) |
0f113f3e | 230 | { |
dbd87ffc MC |
231 | /*- |
232 | * Request this many bytes in initial read. | |
233 | * We can detect SSL 3.0/TLS 1.0 Client Hellos | |
234 | * ('type == 3') correctly only when the following | |
235 | * is in a single record, which is not guaranteed by | |
236 | * the protocol specification: | |
237 | * Byte Content | |
238 | * 0 type \ | |
239 | * 1/2 version > record header | |
240 | * 3/4 length / | |
241 | * 5 msg_type \ | |
242 | * 6-8 length > Client Hello message | |
243 | * 9/10 client_version / | |
244 | */ | |
0f113f3e MC |
245 | char buf_space[11]; |
246 | char *buf = &(buf_space[0]); | |
247 | unsigned char *p, *d, *d_len, *dd; | |
248 | unsigned int i; | |
249 | unsigned int csl, sil, cl; | |
250 | int n = 0, j; | |
251 | int type = 0; | |
252 | int v[2]; | |
253 | ||
254 | if (s->state == SSL23_ST_SR_CLNT_HELLO_A) { | |
255 | /* read the initial header */ | |
256 | v[0] = v[1] = 0; | |
257 | ||
258 | if (!ssl3_setup_buffers(s)) | |
259 | goto err; | |
260 | ||
261 | n = ssl23_read_bytes(s, sizeof buf_space); | |
262 | if (n != sizeof buf_space) | |
263 | return (n); /* n == -1 || n == 0 */ | |
264 | ||
265 | p = s->packet; | |
266 | ||
267 | memcpy(buf, p, n); | |
268 | ||
269 | if ((p[0] & 0x80) && (p[2] == SSL2_MT_CLIENT_HELLO)) { | |
270 | /* | |
271 | * SSLv2 header | |
272 | */ | |
273 | if ((p[3] == 0x00) && (p[4] == 0x02)) { | |
274 | v[0] = p[3]; | |
275 | v[1] = p[4]; | |
276 | /* SSLv2 */ | |
277 | } else if (p[3] == SSL3_VERSION_MAJOR) { | |
278 | v[0] = p[3]; | |
279 | v[1] = p[4]; | |
280 | /* SSLv3/TLSv1 */ | |
281 | if (p[4] >= TLS1_VERSION_MINOR) { | |
282 | if (p[4] >= TLS1_2_VERSION_MINOR && | |
283 | !(s->options & SSL_OP_NO_TLSv1_2)) { | |
284 | s->version = TLS1_2_VERSION; | |
285 | s->state = SSL23_ST_SR_CLNT_HELLO_B; | |
286 | } else if (p[4] >= TLS1_1_VERSION_MINOR && | |
287 | !(s->options & SSL_OP_NO_TLSv1_1)) { | |
288 | s->version = TLS1_1_VERSION; | |
289 | /* | |
290 | * type=2; | |
291 | *//* | |
292 | * done later to survive restarts | |
293 | */ | |
294 | s->state = SSL23_ST_SR_CLNT_HELLO_B; | |
295 | } else if (!(s->options & SSL_OP_NO_TLSv1)) { | |
296 | s->version = TLS1_VERSION; | |
297 | /* | |
298 | * type=2; | |
299 | *//* | |
300 | * done later to survive restarts | |
301 | */ | |
302 | s->state = SSL23_ST_SR_CLNT_HELLO_B; | |
303 | } else if (!(s->options & SSL_OP_NO_SSLv3)) { | |
304 | s->version = SSL3_VERSION; | |
305 | /* type=2; */ | |
306 | s->state = SSL23_ST_SR_CLNT_HELLO_B; | |
307 | } | |
308 | } else if (!(s->options & SSL_OP_NO_SSLv3)) { | |
309 | s->version = SSL3_VERSION; | |
310 | /* type=2; */ | |
311 | s->state = SSL23_ST_SR_CLNT_HELLO_B; | |
312 | } | |
313 | } | |
314 | } | |
315 | /* p[4] < 5 ... silly record length? */ | |
316 | else if ((p[0] == SSL3_RT_HANDSHAKE) && | |
317 | (p[1] == SSL3_VERSION_MAJOR) && | |
318 | (p[5] == SSL3_MT_CLIENT_HELLO) && ((p[3] == 0 && p[4] < 5) | |
319 | || (p[9] >= p[1]))) { | |
320 | /* | |
321 | * SSLv3 or tls1 header | |
322 | */ | |
323 | ||
324 | v[0] = p[1]; /* major version (= SSL3_VERSION_MAJOR) */ | |
325 | /* | |
326 | * We must look at client_version inside the Client Hello message | |
327 | * to get the correct minor version. However if we have only a | |
328 | * pathologically small fragment of the Client Hello message, this | |
329 | * would be difficult, and we'd have to read more records to find | |
330 | * out. No known SSL 3.0 client fragments ClientHello like this, | |
331 | * so we simply reject such connections to avoid protocol version | |
332 | * downgrade attacks. | |
333 | */ | |
334 | if (p[3] == 0 && p[4] < 6) { | |
335 | SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_RECORD_TOO_SMALL); | |
336 | goto err; | |
337 | } | |
338 | /* | |
339 | * if major version number > 3 set minor to a value which will | |
340 | * use the highest version 3 we support. If TLS 2.0 ever appears | |
341 | * we will need to revise this.... | |
342 | */ | |
343 | if (p[9] > SSL3_VERSION_MAJOR) | |
344 | v[1] = 0xff; | |
345 | else | |
346 | v[1] = p[10]; /* minor version according to client_version */ | |
347 | if (v[1] >= TLS1_VERSION_MINOR) { | |
348 | if (v[1] >= TLS1_2_VERSION_MINOR && | |
349 | !(s->options & SSL_OP_NO_TLSv1_2)) { | |
350 | s->version = TLS1_2_VERSION; | |
351 | type = 3; | |
352 | } else if (v[1] >= TLS1_1_VERSION_MINOR && | |
353 | !(s->options & SSL_OP_NO_TLSv1_1)) { | |
354 | s->version = TLS1_1_VERSION; | |
355 | type = 3; | |
356 | } else if (!(s->options & SSL_OP_NO_TLSv1)) { | |
357 | s->version = TLS1_VERSION; | |
358 | type = 3; | |
359 | } else if (!(s->options & SSL_OP_NO_SSLv3)) { | |
360 | s->version = SSL3_VERSION; | |
361 | type = 3; | |
362 | } | |
363 | } else { | |
364 | /* client requests SSL 3.0 */ | |
365 | if (!(s->options & SSL_OP_NO_SSLv3)) { | |
366 | s->version = SSL3_VERSION; | |
367 | type = 3; | |
368 | } else if (!(s->options & SSL_OP_NO_TLSv1)) { | |
369 | /* | |
370 | * we won't be able to use TLS of course, but this will | |
371 | * send an appropriate alert | |
372 | */ | |
373 | s->version = TLS1_VERSION; | |
374 | type = 3; | |
375 | } | |
376 | } | |
377 | } else if ((strncmp("GET ", (char *)p, 4) == 0) || | |
378 | (strncmp("POST ", (char *)p, 5) == 0) || | |
379 | (strncmp("HEAD ", (char *)p, 5) == 0) || | |
380 | (strncmp("PUT ", (char *)p, 4) == 0)) { | |
381 | SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_HTTP_REQUEST); | |
382 | goto err; | |
383 | } else if (strncmp("CONNECT", (char *)p, 7) == 0) { | |
384 | SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_HTTPS_PROXY_REQUEST); | |
385 | goto err; | |
386 | } | |
387 | } | |
388 | ||
389 | /* ensure that TLS_MAX_VERSION is up-to-date */ | |
390 | OPENSSL_assert(s->version <= TLS_MAX_VERSION); | |
391 | ||
392 | if (s->version < TLS1_2_VERSION && tls1_suiteb(s)) { | |
393 | SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, | |
394 | SSL_R_ONLY_TLS_1_2_ALLOWED_IN_SUITEB_MODE); | |
395 | goto err; | |
396 | } | |
397 | ||
398 | if (FIPS_mode() && (s->version < TLS1_VERSION)) { | |
399 | SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, | |
400 | SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); | |
401 | goto err; | |
402 | } | |
403 | ||
404 | if (!ssl_security(s, SSL_SECOP_VERSION, 0, s->version, NULL)) { | |
405 | SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_VERSION_TOO_LOW); | |
406 | goto err; | |
407 | } | |
408 | ||
409 | if (s->state == SSL23_ST_SR_CLNT_HELLO_B) { | |
410 | /* | |
411 | * we have SSLv3/TLSv1 in an SSLv2 header (other cases skip this | |
412 | * state) | |
413 | */ | |
414 | ||
415 | type = 2; | |
416 | p = s->packet; | |
417 | v[0] = p[3]; /* == SSL3_VERSION_MAJOR */ | |
418 | v[1] = p[4]; | |
419 | ||
420 | /*- | |
421 | * An SSLv3/TLSv1 backwards-compatible CLIENT-HELLO in an SSLv2 | |
422 | * header is sent directly on the wire, not wrapped as a TLS | |
423 | * record. It's format is: | |
424 | * Byte Content | |
425 | * 0-1 msg_length | |
426 | * 2 msg_type | |
427 | * 3-4 version | |
428 | * 5-6 cipher_spec_length | |
429 | * 7-8 session_id_length | |
430 | * 9-10 challenge_length | |
431 | * ... ... | |
432 | */ | |
433 | n = ((p[0] & 0x7f) << 8) | p[1]; | |
434 | if (n > (1024 * 4)) { | |
435 | SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_RECORD_TOO_LARGE); | |
436 | goto err; | |
437 | } | |
438 | if (n < 9) { | |
439 | SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, | |
440 | SSL_R_RECORD_LENGTH_MISMATCH); | |
441 | goto err; | |
442 | } | |
443 | ||
444 | j = ssl23_read_bytes(s, n + 2); | |
445 | /* | |
446 | * We previously read 11 bytes, so if j > 0, we must have j == n+2 == | |
447 | * s->packet_length. We have at least 11 valid packet bytes. | |
448 | */ | |
449 | if (j <= 0) | |
450 | return (j); | |
451 | ||
452 | ssl3_finish_mac(s, s->packet + 2, s->packet_length - 2); | |
453 | ||
454 | /* CLIENT-HELLO */ | |
455 | if (s->msg_callback) | |
456 | s->msg_callback(0, SSL2_VERSION, 0, s->packet + 2, | |
457 | s->packet_length - 2, s, s->msg_callback_arg); | |
458 | ||
459 | p = s->packet; | |
460 | p += 5; | |
461 | n2s(p, csl); | |
462 | n2s(p, sil); | |
463 | n2s(p, cl); | |
464 | d = (unsigned char *)s->init_buf->data; | |
465 | if ((csl + sil + cl + 11) != s->packet_length) { /* We can't have TLS | |
466 | * extensions in SSL | |
467 | * 2.0 format * | |
468 | * Client Hello, can | |
469 | * we? Error | |
470 | * condition should | |
471 | * be * '>' | |
472 | * otherweise */ | |
473 | SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, | |
474 | SSL_R_RECORD_LENGTH_MISMATCH); | |
475 | goto err; | |
476 | } | |
477 | ||
478 | /* record header: msg_type ... */ | |
479 | *(d++) = SSL3_MT_CLIENT_HELLO; | |
480 | /* ... and length (actual value will be written later) */ | |
481 | d_len = d; | |
482 | d += 3; | |
483 | ||
484 | /* client_version */ | |
485 | *(d++) = SSL3_VERSION_MAJOR; /* == v[0] */ | |
486 | *(d++) = v[1]; | |
487 | ||
488 | /* lets populate the random area */ | |
489 | /* get the challenge_length */ | |
490 | i = (cl > SSL3_RANDOM_SIZE) ? SSL3_RANDOM_SIZE : cl; | |
491 | memset(d, 0, SSL3_RANDOM_SIZE); | |
492 | memcpy(&(d[SSL3_RANDOM_SIZE - i]), &(p[csl + sil]), i); | |
493 | d += SSL3_RANDOM_SIZE; | |
494 | ||
495 | /* no session-id reuse */ | |
496 | *(d++) = 0; | |
497 | ||
498 | /* ciphers */ | |
499 | j = 0; | |
500 | dd = d; | |
501 | d += 2; | |
502 | for (i = 0; i < csl; i += 3) { | |
503 | if (p[i] != 0) | |
504 | continue; | |
505 | *(d++) = p[i + 1]; | |
506 | *(d++) = p[i + 2]; | |
507 | j += 2; | |
508 | } | |
509 | s2n(j, dd); | |
510 | ||
511 | /* COMPRESSION */ | |
512 | *(d++) = 1; | |
513 | *(d++) = 0; | |
514 | ||
f1fd4544 | 515 | #if 0 |
0f113f3e MC |
516 | /* copy any remaining data with may be extensions */ |
517 | p = p + csl + sil + cl; | |
518 | while (p < s->packet + s->packet_length) { | |
519 | *(d++) = *(p++); | |
520 | } | |
f1fd4544 | 521 | #endif |
ed3883d2 | 522 | |
0f113f3e MC |
523 | i = (d - (unsigned char *)s->init_buf->data) - 4; |
524 | l2n3((long)i, d_len); | |
525 | ||
526 | /* get the data reused from the init_buf */ | |
527 | s->s3->tmp.reuse_message = 1; | |
528 | s->s3->tmp.message_type = SSL3_MT_CLIENT_HELLO; | |
529 | s->s3->tmp.message_size = i; | |
530 | } | |
531 | ||
532 | /* imaginary new state (for program structure): */ | |
533 | /* s->state = SSL23_SR_CLNT_HELLO_C */ | |
534 | ||
535 | if ((type == 2) || (type == 3)) { | |
536 | /* | |
537 | * we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style) | |
538 | */ | |
539 | const SSL_METHOD *new_method; | |
540 | new_method = ssl23_get_server_method(s->version); | |
541 | if (new_method == NULL) { | |
542 | SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_UNSUPPORTED_PROTOCOL); | |
543 | goto err; | |
544 | } | |
545 | s->method = new_method; | |
546 | ||
547 | if (!ssl_init_wbio_buffer(s, 1)) | |
548 | goto err; | |
549 | ||
550 | /* we are in this state */ | |
551 | s->state = SSL3_ST_SR_CLNT_HELLO_A; | |
552 | ||
553 | if (type == 3) { | |
554 | /* | |
555 | * put the 'n' bytes we have read into the input buffer for SSLv3 | |
556 | */ | |
557 | s->rstate = SSL_ST_READ_HEADER; | |
558 | s->packet_length = n; | |
559 | if (s->s3->rbuf.buf == NULL) | |
560 | if (!ssl3_setup_read_buffer(s)) | |
561 | goto err; | |
562 | ||
563 | s->packet = &(s->s3->rbuf.buf[0]); | |
564 | memcpy(s->packet, buf, n); | |
565 | s->s3->rbuf.left = n; | |
566 | s->s3->rbuf.offset = 0; | |
567 | } else { | |
568 | s->packet_length = 0; | |
569 | s->s3->rbuf.left = 0; | |
570 | s->s3->rbuf.offset = 0; | |
571 | } | |
572 | #if 0 /* ssl3_get_client_hello does this */ | |
573 | s->client_version = (v[0] << 8) | v[1]; | |
074309b7 | 574 | #endif |
0f113f3e MC |
575 | s->handshake_func = s->method->ssl_accept; |
576 | } else { | |
577 | /* bad, very bad */ | |
578 | SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_UNKNOWN_PROTOCOL); | |
579 | goto err; | |
580 | } | |
581 | s->init_num = 0; | |
582 | ||
583 | if (buf != buf_space) | |
584 | OPENSSL_free(buf); | |
585 | return (SSL_accept(s)); | |
586 | err: | |
587 | if (buf != buf_space) | |
588 | OPENSSL_free(buf); | |
589 | return (-1); | |
590 | } |