s23_clnt.c revision 273415
1139749Simp/* ssl/s23_clnt.c */ 2128967Srik/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3128967Srik * All rights reserved. 4128967Srik * 5128967Srik * This package is an SSL implementation written 6128967Srik * by Eric Young (eay@cryptsoft.com). 7128967Srik * The implementation was written so as to conform with Netscapes SSL. 8128967Srik * 9128967Srik * This library is free for commercial and non-commercial use as long as 10128967Srik * the following conditions are aheared to. The following conditions 11128967Srik * apply to all code found in this distribution, be it the RC4, RSA, 12128967Srik * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13128967Srik * included with this distribution is covered by the same copyright terms 14128967Srik * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15128967Srik * 16128967Srik * Copyright remains Eric Young's, and as such any Copyright notices in 17128967Srik * the code are not to be removed. 18128967Srik * If this package is used in a product, Eric Young should be given attribution 19128967Srik * as the author of the parts of the library used. 20128967Srik * This can be in the form of a textual message at program startup or 21130985Srik * in documentation (online or textual) provided with the package. 22128967Srik * 23128967Srik * Redistribution and use in source and binary forms, with or without 24128967Srik * modification, are permitted provided that the following conditions 25128967Srik * are met: 26128967Srik * 1. Redistributions of source code must retain the copyright 27128967Srik * notice, this list of conditions and the following disclaimer. 28128967Srik * 2. Redistributions in binary form must reproduce the above copyright 29128967Srik * notice, this list of conditions and the following disclaimer in the 30128967Srik * documentation and/or other materials provided with the distribution. 31128967Srik * 3. All advertising materials mentioning features or use of this software 32128967Srik * must display the following acknowledgement: 33129879Sphk * "This product includes cryptographic software written by 34128967Srik * Eric Young (eay@cryptsoft.com)" 35128967Srik * The word 'cryptographic' can be left out if the rouines from the library 36164033Srwatson * being used are not cryptographic related :-). 37128967Srik * 4. If you include any Windows specific code (or a derivative thereof) from 38128967Srik * the apps directory (application code) you must include an acknowledgement: 39138823Srik * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40128967Srik * 41130971Srik * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42128967Srik * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43128967Srik * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44128967Srik * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45138673Srik * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46138673Srik * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47128967Srik * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48128967Srik * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49128967Srik * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50128967Srik * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51128967Srik * SUCH DAMAGE. 52128967Srik * 53133646Srik * The licence and distribution terms for any publically available version or 54128967Srik * derivative of this code cannot be changed. i.e. this code cannot simply be 55128967Srik * copied and put under another distribution licence 56128967Srik * [including the GNU Public Licence.] 57130985Srik */ 58128967Srik 59128967Srik#include <stdio.h> 60147256Sbrooks#include "ssl_locl.h" 61147256Sbrooks#include <openssl/buffer.h> 62128967Srik#include <openssl/rand.h> 63130971Srik#include <openssl/objects.h> 64128967Srik#include <openssl/evp.h> 65128967Srik 66128967Srikstatic SSL_METHOD *ssl23_get_client_method(int ver); 67128967Srikstatic int ssl23_client_hello(SSL *s); 68128967Srikstatic int ssl23_get_server_hello(SSL *s); 69128967Srikstatic SSL_METHOD *ssl23_get_client_method(int ver) 70128967Srik { 71128967Srik#ifndef OPENSSL_NO_SSL2 72128967Srik if (ver == SSL2_VERSION) 73128967Srik return(SSLv2_client_method()); 74128967Srik#endif 75128967Srik#ifndef OPENSSL_NO_SSL3 76128967Srik if (ver == SSL3_VERSION) 77128967Srik return(SSLv3_client_method()); 78128967Srik#endif 79128967Srik if (ver == TLS1_VERSION) 80138823Srik return(TLSv1_client_method()); 81128967Srik else 82188661Srwatson return(NULL); 83188661Srwatson } 84188661Srwatson 85138823SrikIMPLEMENT_ssl23_meth_func(SSLv23_client_method, 86128967Srik ssl_undefined_function, 87128967Srik ssl23_connect, 88128967Srik ssl23_get_client_method) 89128967Srik 90128967Srikint ssl23_connect(SSL *s) 91128967Srik { 92128967Srik BUF_MEM *buf=NULL; 93128967Srik unsigned long Time=(unsigned long)time(NULL); 94128967Srik void (*cb)(const SSL *ssl,int type,int val)=NULL; 95128967Srik int ret= -1; 96128967Srik int new_state,state; 97128967Srik 98128967Srik RAND_add(&Time,sizeof(Time),0); 99130985Srik ERR_clear_error(); 100130985Srik clear_sys_error(); 101130985Srik 102130985Srik if (s->info_callback != NULL) 103130985Srik cb=s->info_callback; 104130985Srik else if (s->ctx->info_callback != NULL) 105130985Srik cb=s->ctx->info_callback; 106128967Srik 107128967Srik s->in_handshake++; 108138823Srik if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 109138823Srik 110138823Srik for (;;) 111138823Srik { 112138823Srik state=s->state; 113128967Srik 114193813Simp switch(s->state) 115128967Srik { 116128967Srik case SSL_ST_BEFORE: 117128967Srik case SSL_ST_CONNECT: 118128967Srik case SSL_ST_BEFORE|SSL_ST_CONNECT: 119128967Srik case SSL_ST_OK|SSL_ST_CONNECT: 120128967Srik 121138823Srik if (s->session != NULL) 122147256Sbrooks { 123128967Srik SSLerr(SSL_F_SSL23_CONNECT,SSL_R_SSL23_DOING_SESSION_ID_REUSE); 124199407Sjhb ret= -1; 125199407Sjhb goto end; 126138823Srik } 127128967Srik s->server=0; 128128967Srik if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); 129130985Srik 130130985Srik /* s->version=TLS1_VERSION; */ 131130985Srik s->type=SSL_ST_CONNECT; 132130985Srik 133130985Srik if (s->init_buf == NULL) 134130985Srik { 135130985Srik if ((buf=BUF_MEM_new()) == NULL) 136138823Srik { 137130985Srik ret= -1; 138130985Srik goto end; 139130985Srik } 140130985Srik if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH)) 141130985Srik { 142130985Srik ret= -1; 143130985Srik goto end; 144130985Srik } 145130985Srik s->init_buf=buf; 146130985Srik buf=NULL; 147128967Srik } 148128967Srik 149128967Srik if (!ssl3_setup_buffers(s)) { ret= -1; goto end; } 150128967Srik 151128967Srik ssl3_init_finished_mac(s); 152128967Srik 153128967Srik s->state=SSL23_ST_CW_CLNT_HELLO_A; 154199407Sjhb s->ctx->stats.sess_connect++; 155128967Srik s->init_num=0; 156128967Srik break; 157128967Srik 158128967Srik case SSL23_ST_CW_CLNT_HELLO_A: 159128967Srik case SSL23_ST_CW_CLNT_HELLO_B: 160128967Srik 161128967Srik s->shutdown=0; 162128967Srik ret=ssl23_client_hello(s); 163128967Srik if (ret <= 0) goto end; 164128967Srik s->state=SSL23_ST_CR_SRVR_HELLO_A; 165128967Srik s->init_num=0; 166128967Srik 167138823Srik break; 168138823Srik 169128967Srik case SSL23_ST_CR_SRVR_HELLO_A: 170128967Srik case SSL23_ST_CR_SRVR_HELLO_B: 171128967Srik ret=ssl23_get_server_hello(s); 172150622Srik if (ret >= 0) cb=NULL; 173150622Srik goto end; 174150622Srik /* break; */ 175150622Srik 176150622Srik default: 177150622Srik SSLerr(SSL_F_SSL23_CONNECT,SSL_R_UNKNOWN_STATE); 178150622Srik ret= -1; 179150622Srik goto end; 180150622Srik /* break; */ 181150622Srik } 182150622Srik 183128967Srik if (s->debug) { (void)BIO_flush(s->wbio); } 184150622Srik 185150622Srik if ((cb != NULL) && (s->state != state)) 186150622Srik { 187150622Srik new_state=s->state; 188150622Srik s->state=state; 189150622Srik cb(s,SSL_CB_CONNECT_LOOP,1); 190150622Srik s->state=new_state; 191150622Srik } 192150622Srik } 193150622Srikend: 194150622Srik s->in_handshake--; 195150622Srik if (buf != NULL) 196150622Srik BUF_MEM_free(buf); 197150622Srik if (cb != NULL) 198150622Srik cb(s,SSL_CB_CONNECT_EXIT,ret); 199150622Srik return(ret); 200150622Srik } 201150622Srik 202150622Srik 203150622Srikstatic int ssl23_client_hello(SSL *s) 204150622Srik { 205150622Srik unsigned char *buf; 206248078Smarius unsigned char *p,*d; 207150622Srik int i,ch_len; 208150622Srik unsigned long Time,l; 209248078Smarius int ssl2_compat; 210150622Srik int version = 0, version_major, version_minor; 211150622Srik#ifndef OPENSSL_NO_COMP 212150622Srik int j; 213150622Srik SSL_COMP *comp; 214150622Srik#endif 215150622Srik int ret; 216150622Srik 217150622Srik ssl2_compat = (s->options & SSL_OP_NO_SSLv2) ? 0 : 1; 218150622Srik 219150622Srik if (!(s->options & SSL_OP_NO_TLSv1)) 220150622Srik { 221150622Srik version = TLS1_VERSION; 222150622Srik } 223150622Srik else if (!(s->options & SSL_OP_NO_SSLv3)) 224150622Srik { 225150622Srik version = SSL3_VERSION; 226150622Srik } 227150622Srik else if (!(s->options & SSL_OP_NO_SSLv2)) 228150622Srik { 229150622Srik version = SSL2_VERSION; 230150622Srik } 231150622Srik#ifndef OPENSSL_NO_TLSEXT 232150622Srik if (version != SSL2_VERSION) 233150622Srik { 234150622Srik /* have to disable SSL 2.0 compatibility if we need TLS extensions */ 235150622Srik 236150622Srik if (s->tlsext_hostname != NULL) 237150622Srik ssl2_compat = 0; 238150622Srik if (s->tlsext_status_type != -1) 239150622Srik ssl2_compat = 0; 240150622Srik } 241150622Srik#endif 242150622Srik 243150622Srik buf=(unsigned char *)s->init_buf->data; 244150622Srik if (s->state == SSL23_ST_CW_CLNT_HELLO_A) 245150622Srik { 246150622Srik#if 0 247150622Srik /* don't reuse session-id's */ 248150622Srik if (!ssl_get_new_session(s,0)) 249150622Srik { 250150622Srik return(-1); 251150622Srik } 252150622Srik#endif 253150622Srik 254150622Srik p=s->s3->client_random; 255150622Srik Time=(unsigned long)time(NULL); /* Time */ 256150622Srik l2n(Time,p); 257150622Srik if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0) 258150622Srik return -1; 259150622Srik 260150622Srik if (version == TLS1_VERSION) 261150622Srik { 262150622Srik version_major = TLS1_VERSION_MAJOR; 263150622Srik version_minor = TLS1_VERSION_MINOR; 264150622Srik } 265150622Srik#ifdef OPENSSL_FIPS 266150622Srik else if(FIPS_mode()) 267150622Srik { 268150622Srik SSLerr(SSL_F_SSL23_CLIENT_HELLO, 269150622Srik SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); 270150622Srik return -1; 271150622Srik } 272150622Srik#endif 273150622Srik else if (version == SSL3_VERSION) 274150622Srik { 275150622Srik version_major = SSL3_VERSION_MAJOR; 276150622Srik version_minor = SSL3_VERSION_MINOR; 277150622Srik } 278150622Srik else if (version == SSL2_VERSION) 279150622Srik { 280150622Srik version_major = SSL2_VERSION_MAJOR; 281150622Srik version_minor = SSL2_VERSION_MINOR; 282150622Srik } 283150622Srik else 284150622Srik { 285150622Srik SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_PROTOCOLS_AVAILABLE); 286150622Srik return(-1); 287150622Srik } 288150622Srik 289150622Srik s->client_version = version; 290150622Srik 291150622Srik if (ssl2_compat) 292150622Srik { 293150622Srik /* create SSL 2.0 compatible Client Hello */ 294150622Srik 295150622Srik /* two byte record header will be written last */ 296150622Srik d = &(buf[2]); 297150622Srik p = d + 9; /* leave space for message type, version, individual length fields */ 298150622Srik 299150622Srik *(d++) = SSL2_MT_CLIENT_HELLO; 300150622Srik *(d++) = version_major; 301150622Srik *(d++) = version_minor; 302150622Srik 303150622Srik /* Ciphers supported */ 304150622Srik i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),p,0); 305150622Srik if (i == 0) 306150622Srik { 307150622Srik /* no ciphers */ 308150622Srik SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE); 309150622Srik return -1; 310150622Srik } 311150622Srik s2n(i,d); 312150622Srik p+=i; 313150622Srik 314150622Srik /* put in the session-id length (zero since there is no reuse) */ 315150622Srik#if 0 316150622Srik s->session->session_id_length=0; 317150622Srik#endif 318150622Srik s2n(0,d); 319150622Srik 320150622Srik if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG) 321150622Srik ch_len=SSL2_CHALLENGE_LENGTH; 322150622Srik else 323150622Srik ch_len=SSL2_MAX_CHALLENGE_LENGTH; 324150622Srik 325150622Srik /* write out sslv2 challenge */ 326150622Srik if (SSL3_RANDOM_SIZE < ch_len) 327150622Srik i=SSL3_RANDOM_SIZE; 328150622Srik else 329150622Srik i=ch_len; 330150622Srik s2n(i,d); 331150622Srik memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE); 332150622Srik if (RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i) <= 0) 333150622Srik return -1; 334150622Srik 335150622Srik memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i); 336150622Srik p+=i; 337150622Srik 338150622Srik i= p- &(buf[2]); 339150622Srik buf[0]=((i>>8)&0xff)|0x80; 340150622Srik buf[1]=(i&0xff); 341150622Srik 342150622Srik /* number of bytes to write */ 343150622Srik s->init_num=i+2; 344150622Srik s->init_off=0; 345150622Srik 346150622Srik ssl3_finish_mac(s,&(buf[2]),i); 347150622Srik } 348150622Srik else 349150622Srik { 350150622Srik /* create Client Hello in SSL 3.0/TLS 1.0 format */ 351150622Srik 352150622Srik /* do the record header (5 bytes) and handshake message header (4 bytes) last */ 353150622Srik d = p = &(buf[9]); 354150622Srik 355150622Srik *(p++) = version_major; 356150622Srik *(p++) = version_minor; 357150622Srik 358150622Srik /* Random stuff */ 359150622Srik memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE); 360150622Srik p += SSL3_RANDOM_SIZE; 361150622Srik 362150622Srik /* Session ID (zero since there is no reuse) */ 363150622Srik *(p++) = 0; 364150622Srik 365150622Srik /* Ciphers supported (using SSL 3.0/TLS 1.0 format) */ 366150622Srik i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),ssl3_put_cipher_by_char); 367150622Srik if (i == 0) 368150622Srik { 369150622Srik SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE); 370150622Srik return -1; 371150622Srik } 372150622Srik s2n(i,p); 373150622Srik p+=i; 374150622Srik#ifdef OPENSSL_NO_COMP 375150622Srik *(p++)=1; 376150622Srik#else 377150622Srik /* COMPRESSION */ 378150622Srik if (s->ctx->comp_methods == NULL) 379150622Srik j=0; 380150622Srik else 381150622Srik j=sk_SSL_COMP_num(s->ctx->comp_methods); 382150622Srik *(p++)=1+j; 383150622Srik for (i=0; i<j; i++) 384150622Srik { 385150622Srik comp=sk_SSL_COMP_value(s->ctx->comp_methods,i); 386150622Srik *(p++)=comp->id; 387150622Srik } 388150622Srik#endif 389150622Srik *(p++)=0; /* Add the NULL method */ 390150622Srik#ifndef OPENSSL_NO_TLSEXT 391150622Srik if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) 392150622Srik { 393150622Srik SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR); 394150622Srik return -1; 395150622Srik } 396150622Srik#endif 397150622Srik 398150622Srik l = p-d; 399150622Srik *p = 42; 400150622Srik 401150622Srik /* fill in 4-byte handshake header */ 402150622Srik d=&(buf[5]); 403150622Srik *(d++)=SSL3_MT_CLIENT_HELLO; 404150622Srik l2n3(l,d); 405150622Srik 406150622Srik l += 4; 407150622Srik 408150622Srik if (l > SSL3_RT_MAX_PLAIN_LENGTH) 409150622Srik { 410150622Srik SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR); 411150622Srik return -1; 412150622Srik } 413150622Srik 414150622Srik /* fill in 5-byte record header */ 415150622Srik d=buf; 416150622Srik *(d++) = SSL3_RT_HANDSHAKE; 417150622Srik *(d++) = version_major; 418150622Srik *(d++) = version_minor; /* arguably we should send the *lowest* suported version here 419150622Srik * (indicating, e.g., TLS 1.0 in "SSL 3.0 format") */ 420150622Srik s2n((int)l,d); 421150622Srik 422150622Srik /* number of bytes to write */ 423150622Srik s->init_num=p-buf; 424150622Srik s->init_off=0; 425150622Srik 426150622Srik ssl3_finish_mac(s,&(buf[5]), s->init_num - 5); 427150622Srik } 428150622Srik 429150622Srik s->state=SSL23_ST_CW_CLNT_HELLO_B; 430150622Srik s->init_off=0; 431150622Srik } 432150622Srik 433150622Srik /* SSL3_ST_CW_CLNT_HELLO_B */ 434150622Srik ret = ssl23_write_bytes(s); 435150622Srik 436150622Srik if ((ret >= 2) && s->msg_callback) 437150622Srik { 438150622Srik /* Client Hello has been sent; tell msg_callback */ 439150622Srik 440150622Srik if (ssl2_compat) 441150622Srik s->msg_callback(1, SSL2_VERSION, 0, s->init_buf->data+2, ret-2, s, s->msg_callback_arg); 442150622Srik else 443150622Srik s->msg_callback(1, version, SSL3_RT_HANDSHAKE, s->init_buf->data+5, ret-5, s, s->msg_callback_arg); 444150622Srik } 445150622Srik 446150622Srik return ret; 447150622Srik } 448150622Srik 449150622Srikstatic int ssl23_get_server_hello(SSL *s) 450150622Srik { 451150622Srik char buf[8]; 452150622Srik unsigned char *p; 453150622Srik int i; 454150622Srik int n; 455150622Srik 456150622Srik n=ssl23_read_bytes(s,7); 457150622Srik 458150622Srik if (n != 7) return(n); 459150622Srik p=s->packet; 460150622Srik 461150622Srik memcpy(buf,p,n); 462150622Srik 463150622Srik if ((p[0] & 0x80) && (p[2] == SSL2_MT_SERVER_HELLO) && 464188661Srwatson (p[5] == 0x00) && (p[6] == 0x02)) 465150622Srik { 466188661Srwatson#ifdef OPENSSL_NO_SSL2 467166901Spiso SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL); 468150622Srik goto err; 469150622Srik#else 470150622Srik /* we are talking sslv2 */ 471150622Srik /* we need to clean up the SSLv3 setup and put in the 472150622Srik * sslv2 stuff. */ 473150622Srik int ch_len; 474150622Srik 475150622Srik if (s->options & SSL_OP_NO_SSLv2) 476150622Srik { 477150622Srik SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL); 478150622Srik goto err; 479150622Srik } 480150622Srik if (s->s2 == NULL) 481150622Srik { 482150622Srik if (!ssl2_new(s)) 483150622Srik goto err; 484150622Srik } 485150622Srik else 486150622Srik ssl2_clear(s); 487150622Srik 488150622Srik if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG) 489150622Srik ch_len=SSL2_CHALLENGE_LENGTH; 490150622Srik else 491150622Srik ch_len=SSL2_MAX_CHALLENGE_LENGTH; 492150622Srik 493199407Sjhb /* write out sslv2 challenge */ 494150622Srik i=(SSL3_RANDOM_SIZE < ch_len) 495150622Srik ?SSL3_RANDOM_SIZE:ch_len; 496150622Srik s->s2->challenge_length=i; 497150622Srik memcpy(s->s2->challenge, 498150622Srik &(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i); 499150622Srik 500150622Srik if (s->s3 != NULL) ssl3_free(s); 501150622Srik 502150622Srik if (!BUF_MEM_grow_clean(s->init_buf, 503150622Srik SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)) 504150622Srik { 505150622Srik SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,ERR_R_BUF_LIB); 506150622Srik goto err; 507150622Srik } 508207554Ssobomax 509207554Ssobomax s->state=SSL2_ST_GET_SERVER_HELLO_A; 510150622Srik if (!(s->client_version == SSL2_VERSION)) 511150622Srik /* use special padding (SSL 3.0 draft/RFC 2246, App. E.2) */ 512150622Srik s->s2->ssl2_rollback=1; 513150622Srik 514150622Srik /* setup the 7 bytes we have read so we get them from 515150622Srik * the sslv2 buffer */ 516150622Srik s->rstate=SSL_ST_READ_HEADER; 517150622Srik s->packet_length=n; 518150622Srik s->packet= &(s->s2->rbuf[0]); 519150622Srik memcpy(s->packet,buf,n); 520150622Srik s->s2->rbuf_left=n; 521150622Srik s->s2->rbuf_offs=0; 522150622Srik 523150622Srik /* we have already written one */ 524150622Srik s->s2->write_sequence=1; 525150622Srik 526150622Srik s->method=SSLv2_client_method(); 527150622Srik s->handshake_func=s->method->ssl_connect; 528150622Srik#endif 529150622Srik } 530150622Srik else if (p[1] == SSL3_VERSION_MAJOR && 531150622Srik ((p[2] == SSL3_VERSION_MINOR) || 532150622Srik (p[2] == TLS1_VERSION_MINOR)) && 533150622Srik ((p[0] == SSL3_RT_HANDSHAKE && p[5] == SSL3_MT_SERVER_HELLO) || 534150622Srik (p[0] == SSL3_RT_ALERT && p[3] == 0 && p[4] == 2))) 535150622Srik { 536150622Srik /* we have sslv3 or tls1 (server hello or alert) */ 537150622Srik 538150622Srik#ifndef OPENSSL_NO_SSL3 539150622Srik if ((p[2] == SSL3_VERSION_MINOR) && 540150622Srik !(s->options & SSL_OP_NO_SSLv3)) 541150622Srik { 542150622Srik#ifdef OPENSSL_FIPS 543150622Srik if(FIPS_mode()) 544150622Srik { 545150622Srik SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, 546150622Srik SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); 547150622Srik goto err; 548150622Srik } 549150622Srik#endif 550150622Srik s->version=SSL3_VERSION; 551150622Srik s->method=SSLv3_client_method(); 552150622Srik } 553150622Srik else 554150622Srik#endif 555150622Srik if ((p[2] == TLS1_VERSION_MINOR) && 556150622Srik !(s->options & SSL_OP_NO_TLSv1)) 557150622Srik { 558150622Srik s->version=TLS1_VERSION; 559150622Srik s->method=TLSv1_client_method(); 560150622Srik } 561150622Srik else 562150622Srik { 563150622Srik SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL); 564150622Srik goto err; 565150622Srik } 566150622Srik 567150622Srik /* ensure that TLS_MAX_VERSION is up-to-date */ 568150622Srik OPENSSL_assert(s->version <= TLS_MAX_VERSION); 569150622Srik 570150622Srik if (p[0] == SSL3_RT_ALERT && p[5] != SSL3_AL_WARNING) 571150622Srik { 572150622Srik /* fatal alert */ 573150622Srik 574150622Srik void (*cb)(const SSL *ssl,int type,int val)=NULL; 575150622Srik int j; 576150622Srik 577150622Srik if (s->info_callback != NULL) 578150622Srik cb=s->info_callback; 579150622Srik else if (s->ctx->info_callback != NULL) 580150622Srik cb=s->ctx->info_callback; 581150622Srik 582150622Srik i=p[5]; 583150622Srik if (cb != NULL) 584150622Srik { 585150622Srik j=(i<<8)|p[6]; 586150622Srik cb(s,SSL_CB_READ_ALERT,j); 587150622Srik } 588150622Srik 589150622Srik if (s->msg_callback) 590150622Srik s->msg_callback(0, s->version, SSL3_RT_ALERT, p+5, 2, s, s->msg_callback_arg); 591150622Srik 592150622Srik s->rwstate=SSL_NOTHING; 593150622Srik SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_AD_REASON_OFFSET+p[6]); 594150622Srik goto err; 595150622Srik } 596150622Srik 597150624Srik if (!ssl_init_wbio_buffer(s,1)) goto err; 598150624Srik 599150624Srik /* we are in this state */ 600150622Srik s->state=SSL3_ST_CR_SRVR_HELLO_A; 601150622Srik 602150622Srik /* put the 7 bytes we have read into the input buffer 603150622Srik * for SSLv3 */ 604150622Srik s->rstate=SSL_ST_READ_HEADER; 605199407Sjhb s->packet_length=n; 606150622Srik if (s->s3->rbuf.buf == NULL) 607150622Srik if (!ssl3_setup_buffers(s)) 608150622Srik goto err; 609150622Srik s->packet= &(s->s3->rbuf.buf[0]); 610150622Srik memcpy(s->packet,buf,n); 611150622Srik s->s3->rbuf.left=n; 612150622Srik s->s3->rbuf.offset=0; 613150622Srik 614150622Srik s->handshake_func=s->method->ssl_connect; 615150622Srik } 616150622Srik else 617150622Srik { 618150622Srik SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNKNOWN_PROTOCOL); 619150622Srik goto err; 620150622Srik } 621150622Srik s->init_num=0; 622150622Srik 623150622Srik /* Since, if we are sending a ssl23 client hello, we are not 624150622Srik * reusing a session-id */ 625150622Srik if (!ssl_get_new_session(s,0)) 626150622Srik goto err; 627150622Srik 628150622Srik return(SSL_connect(s)); 629150622Srikerr: 630150622Srik return(-1); 631150622Srik } 632150622Srik 633150622Srik