s23_clnt.c (142428) | s23_clnt.c (160817) |
---|---|
1/* ssl/s23_clnt.c */ 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * --- 66 unchanged lines hidden (view full) --- 75 if (ver == SSL3_VERSION) 76 return(SSLv3_client_method()); 77 else if (ver == TLS1_VERSION) 78 return(TLSv1_client_method()); 79 else 80 return(NULL); 81 } 82 | 1/* ssl/s23_clnt.c */ 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * --- 66 unchanged lines hidden (view full) --- 75 if (ver == SSL3_VERSION) 76 return(SSLv3_client_method()); 77 else if (ver == TLS1_VERSION) 78 return(TLSv1_client_method()); 79 else 80 return(NULL); 81 } 82 |
83SSL_METHOD *SSLv23_client_method(void) 84 { 85 static int init=1; 86 static SSL_METHOD SSLv23_client_data; | 83IMPLEMENT_ssl23_meth_func(SSLv23_client_method, 84 ssl_undefined_function, 85 ssl23_connect, 86 ssl23_get_client_method) |
87 | 87 |
88 if (init) 89 { 90 CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); 91 92 if (init) 93 { 94 memcpy((char *)&SSLv23_client_data, 95 (char *)sslv23_base_method(),sizeof(SSL_METHOD)); 96 SSLv23_client_data.ssl_connect=ssl23_connect; 97 SSLv23_client_data.get_ssl_method=ssl23_get_client_method; 98 init=0; 99 } 100 101 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); 102 } 103 return(&SSLv23_client_data); 104 } 105 | |
106int ssl23_connect(SSL *s) 107 { 108 BUF_MEM *buf=NULL; | 88int ssl23_connect(SSL *s) 89 { 90 BUF_MEM *buf=NULL; |
109 unsigned long Time=time(NULL); | 91 unsigned long Time=(unsigned long)time(NULL); |
110 void (*cb)(const SSL *ssl,int type,int val)=NULL; 111 int ret= -1; 112 int new_state,state; 113 114 RAND_add(&Time,sizeof(Time),0); 115 ERR_clear_error(); 116 clear_sys_error(); 117 --- 97 unchanged lines hidden (view full) --- 215 return(ret); 216 } 217 218 219static int ssl23_client_hello(SSL *s) 220 { 221 unsigned char *buf; 222 unsigned char *p,*d; | 92 void (*cb)(const SSL *ssl,int type,int val)=NULL; 93 int ret= -1; 94 int new_state,state; 95 96 RAND_add(&Time,sizeof(Time),0); 97 ERR_clear_error(); 98 clear_sys_error(); 99 --- 97 unchanged lines hidden (view full) --- 197 return(ret); 198 } 199 200 201static int ssl23_client_hello(SSL *s) 202 { 203 unsigned char *buf; 204 unsigned char *p,*d; |
223 int i,ch_len; | 205 int i,j,ch_len; 206 unsigned long Time,l; 207 int ssl2_compat; 208 int version = 0, version_major, version_minor; 209 SSL_COMP *comp; |
224 int ret; 225 | 210 int ret; 211 |
212 ssl2_compat = (s->options & SSL_OP_NO_SSLv2) ? 0 : 1; 213 214 if (!(s->options & SSL_OP_NO_TLSv1)) 215 { 216 version = TLS1_VERSION; 217 } 218 else if (!(s->options & SSL_OP_NO_SSLv3)) 219 { 220 version = SSL3_VERSION; 221 } 222 else if (!(s->options & SSL_OP_NO_SSLv2)) 223 { 224 version = SSL2_VERSION; 225 } 226 |
|
226 buf=(unsigned char *)s->init_buf->data; 227 if (s->state == SSL23_ST_CW_CLNT_HELLO_A) 228 { 229#if 0 230 /* don't reuse session-id's */ 231 if (!ssl_get_new_session(s,0)) 232 { 233 return(-1); 234 } 235#endif 236 237 p=s->s3->client_random; | 227 buf=(unsigned char *)s->init_buf->data; 228 if (s->state == SSL23_ST_CW_CLNT_HELLO_A) 229 { 230#if 0 231 /* don't reuse session-id's */ 232 if (!ssl_get_new_session(s,0)) 233 { 234 return(-1); 235 } 236#endif 237 238 p=s->s3->client_random; |
238 if(RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE) <= 0) 239 return -1; | 239 Time=(unsigned long)time(NULL); /* Time */ 240 l2n(Time,p); 241 if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0) 242 return -1; |
240 | 243 |
241 /* Do the message type and length last */ 242 d= &(buf[2]); 243 p=d+9; 244 245 *(d++)=SSL2_MT_CLIENT_HELLO; 246 if (!(s->options & SSL_OP_NO_TLSv1)) | 244 if (version == TLS1_VERSION) |
247 { | 245 { |
248 *(d++)=TLS1_VERSION_MAJOR; 249 *(d++)=TLS1_VERSION_MINOR; 250 s->client_version=TLS1_VERSION; | 246 version_major = TLS1_VERSION_MAJOR; 247 version_minor = TLS1_VERSION_MINOR; |
251 } | 248 } |
252 else if (!(s->options & SSL_OP_NO_SSLv3)) | 249 else if (version == SSL3_VERSION) |
253 { | 250 { |
254 *(d++)=SSL3_VERSION_MAJOR; 255 *(d++)=SSL3_VERSION_MINOR; 256 s->client_version=SSL3_VERSION; | 251 version_major = SSL3_VERSION_MAJOR; 252 version_minor = SSL3_VERSION_MINOR; |
257 } | 253 } |
258 else if (!(s->options & SSL_OP_NO_SSLv2)) | 254 else if (version == SSL2_VERSION) |
259 { | 255 { |
260 *(d++)=SSL2_VERSION_MAJOR; 261 *(d++)=SSL2_VERSION_MINOR; 262 s->client_version=SSL2_VERSION; | 256 version_major = SSL2_VERSION_MAJOR; 257 version_minor = SSL2_VERSION_MINOR; |
263 } 264 else 265 { 266 SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_PROTOCOLS_AVAILABLE); 267 return(-1); 268 } 269 | 258 } 259 else 260 { 261 SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_PROTOCOLS_AVAILABLE); 262 return(-1); 263 } 264 |
270 /* Ciphers supported */ 271 i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),p); 272 if (i == 0) | 265 s->client_version = version; 266 267 if (ssl2_compat) |
273 { | 268 { |
274 /* no ciphers */ 275 SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE); 276 return(-1); 277 } 278 s2n(i,d); 279 p+=i; | 269 /* create SSL 2.0 compatible Client Hello */ |
280 | 270 |
281 /* put in the session-id, zero since there is no 282 * reuse. */ | 271 /* two byte record header will be written last */ 272 d = &(buf[2]); 273 p = d + 9; /* leave space for message type, version, individual length fields */ 274 275 *(d++) = SSL2_MT_CLIENT_HELLO; 276 *(d++) = version_major; 277 *(d++) = version_minor; 278 279 /* Ciphers supported */ 280 i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),p,0); 281 if (i == 0) 282 { 283 /* no ciphers */ 284 SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE); 285 return -1; 286 } 287 s2n(i,d); 288 p+=i; 289 290 /* put in the session-id length (zero since there is no reuse) */ |
283#if 0 | 291#if 0 |
284 s->session->session_id_length=0; | 292 s->session->session_id_length=0; |
285#endif | 293#endif |
286 s2n(0,d); | 294 s2n(0,d); |
287 | 295 |
288 if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG) 289 ch_len=SSL2_CHALLENGE_LENGTH; 290 else 291 ch_len=SSL2_MAX_CHALLENGE_LENGTH; | 296 if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG) 297 ch_len=SSL2_CHALLENGE_LENGTH; 298 else 299 ch_len=SSL2_MAX_CHALLENGE_LENGTH; |
292 | 300 |
293 /* write out sslv2 challenge */ 294 if (SSL3_RANDOM_SIZE < ch_len) 295 i=SSL3_RANDOM_SIZE; | 301 /* write out sslv2 challenge */ 302 if (SSL3_RANDOM_SIZE < ch_len) 303 i=SSL3_RANDOM_SIZE; 304 else 305 i=ch_len; 306 s2n(i,d); 307 memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE); 308 if (RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i) <= 0) 309 return -1; 310 311 memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i); 312 p+=i; 313 314 i= p- &(buf[2]); 315 buf[0]=((i>>8)&0xff)|0x80; 316 buf[1]=(i&0xff); 317 318 /* number of bytes to write */ 319 s->init_num=i+2; 320 s->init_off=0; 321 322 ssl3_finish_mac(s,&(buf[2]),i); 323 } |
296 else | 324 else |
297 i=ch_len; 298 s2n(i,d); 299 memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE); 300 if(RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i) <= 0) 301 return -1; | 325 { 326 /* create Client Hello in SSL 3.0/TLS 1.0 format */ |
302 | 327 |
303 memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i); 304 p+=i; | 328 /* do the record header (5 bytes) and handshake message header (4 bytes) last */ 329 d = p = &(buf[9]); 330 331 *(p++) = version_major; 332 *(p++) = version_minor; |
305 | 333 |
306 i= p- &(buf[2]); 307 buf[0]=((i>>8)&0xff)|0x80; 308 buf[1]=(i&0xff); | 334 /* Random stuff */ 335 memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE); 336 p += SSL3_RANDOM_SIZE; |
309 | 337 |
338 /* Session ID (zero since there is no reuse) */ 339 *(p++) = 0; 340 341 /* Ciphers supported (using SSL 3.0/TLS 1.0 format) */ 342 i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),ssl3_put_cipher_by_char); 343 if (i == 0) 344 { 345 SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE); 346 return -1; 347 } 348 s2n(i,p); 349 p+=i; 350 351 /* COMPRESSION */ 352 if (s->ctx->comp_methods == NULL) 353 j=0; 354 else 355 j=sk_SSL_COMP_num(s->ctx->comp_methods); 356 *(p++)=1+j; 357 for (i=0; i<j; i++) 358 { 359 comp=sk_SSL_COMP_value(s->ctx->comp_methods,i); 360 *(p++)=comp->id; 361 } 362 *(p++)=0; /* Add the NULL method */ 363 364 l = p-d; 365 *p = 42; 366 367 /* fill in 4-byte handshake header */ 368 d=&(buf[5]); 369 *(d++)=SSL3_MT_CLIENT_HELLO; 370 l2n3(l,d); 371 372 l += 4; 373 374 if (l > SSL3_RT_MAX_PLAIN_LENGTH) 375 { 376 SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR); 377 return -1; 378 } 379 380 /* fill in 5-byte record header */ 381 d=buf; 382 *(d++) = SSL3_RT_HANDSHAKE; 383 *(d++) = version_major; 384 *(d++) = version_minor; /* arguably we should send the *lowest* suported version here 385 * (indicating, e.g., TLS 1.0 in "SSL 3.0 format") */ 386 s2n((int)l,d); 387 388 /* number of bytes to write */ 389 s->init_num=p-buf; 390 s->init_off=0; 391 392 ssl3_finish_mac(s,&(buf[5]), s->init_num - 5); 393 } 394 |
|
310 s->state=SSL23_ST_CW_CLNT_HELLO_B; | 395 s->state=SSL23_ST_CW_CLNT_HELLO_B; |
311 /* number of bytes to write */ 312 s->init_num=i+2; | |
313 s->init_off=0; | 396 s->init_off=0; |
314 315 ssl3_finish_mac(s,&(buf[2]),i); | |
316 } 317 318 /* SSL3_ST_CW_CLNT_HELLO_B */ 319 ret = ssl23_write_bytes(s); | 397 } 398 399 /* SSL3_ST_CW_CLNT_HELLO_B */ 400 ret = ssl23_write_bytes(s); |
320 if (ret >= 2) 321 if (s->msg_callback) 322 s->msg_callback(1, SSL2_VERSION, 0, s->init_buf->data+2, ret-2, s, s->msg_callback_arg); /* CLIENT-HELLO */ | 401 402 if ((ret >= 2) && s->msg_callback) 403 { 404 /* Client Hello has been sent; tell msg_callback */ 405 406 if (ssl2_compat) 407 s->msg_callback(1, SSL2_VERSION, 0, s->init_buf->data+2, ret-2, s, s->msg_callback_arg); 408 else 409 s->msg_callback(1, version, SSL3_RT_HANDSHAKE, s->init_buf->data+5, ret-5, s, s->msg_callback_arg); 410 } 411 |
323 return ret; 324 } 325 326static int ssl23_get_server_hello(SSL *s) 327 { 328 char buf[8]; 329 unsigned char *p; 330 int i; --- 163 unchanged lines hidden --- | 412 return ret; 413 } 414 415static int ssl23_get_server_hello(SSL *s) 416 { 417 char buf[8]; 418 unsigned char *p; 419 int i; --- 163 unchanged lines hidden --- |