mischief/openbsd-src
1
0
Fork 0
mirror of https://github.com/openbsd/src.git synced 2025-01-10 06:47:55 -08:00
Code

Kill the bogus "send an SSLv3/TLS hello in SSLv2 format" crap from

Browse Source 
the SSLv23_* client code.  The server continues to accept it.  It
also kills the bits for SSL2 SESSIONs; even when the server gets
an SSLv2-style compat handshake, the session that it creates has
the correct version internally.

ok tedu@ beck@
This commit is contained in:
guenther 2014-04-16 15:10:07 +00:00
parent 598842de72
commit bbf556937e
14 changed files with 346 additions and 650 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

283
lib/libssl/s23_clnt.c
View File

@ -265,8 +265,10 @@ ssl23_no_ssl2_ciphers(SSL *s)
return 1;
}
/* Fill a ClientRandom or ServerRandom field of length len. Returns <= 0
* on failure, 1 on success. */
/*
* Fill a ClientRandom or ServerRandom field of length len. Returns <= 0
* on failure, 1 on success.
*/
int
ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len)
{
@ -294,7 +296,6 @@ ssl23_client_hello(SSL *s)
unsigned char *p, *d;
int i, ch_len;
unsigned long l;
int ssl2_compat;
int version = 0, version_major, version_minor;
#ifndef OPENSSL_NO_COMP
int j;
@ -303,11 +304,6 @@ ssl23_client_hello(SSL *s)
int ret;
unsigned long mask, options = s->options;
ssl2_compat = (options & SSL_OP_NO_SSLv2) ? 0 : 1;
if (ssl2_compat && ssl23_no_ssl2_ciphers(s))
ssl2_compat = 0;
/*
* SSL_OP_NO_X disables all protocols above X *if* there are
* some protocols below X enabled. This is required in order
@ -333,21 +329,6 @@ ssl23_client_hello(SSL *s)
version = SSL3_VERSION;
mask &= ~SSL_OP_NO_SSLv3;
#ifndef OPENSSL_NO_TLSEXT
if (version != SSL2_VERSION) {
/* have to disable SSL 2.0 compatibility if we need TLS extensions */
if (s->tlsext_hostname != NULL)
ssl2_compat = 0;
if (s->tlsext_status_type != -1)
ssl2_compat = 0;
#ifdef TLSEXT_TYPE_opaque_prf_input
if (s->ctx->tlsext_opaque_prf_input_callback != 0 || s->tlsext_opaque_prf_input != NULL)
ssl2_compat = 0;
#endif
}
#endif
buf = (unsigned char *)s->init_buf->data;
if (s->state == SSL23_ST_CW_CLNT_HELLO_A) {
#if 0
@ -373,9 +354,6 @@ ssl23_client_hello(SSL *s)
} else if (version == SSL3_VERSION) {
version_major = SSL3_VERSION_MAJOR;
version_minor = SSL3_VERSION_MINOR;
} else if (version == SSL2_VERSION) {
version_major = SSL2_VERSION_MAJOR;
version_minor = SSL2_VERSION_MINOR;
} else {
SSLerr(SSL_F_SSL23_CLIENT_HELLO, SSL_R_NO_PROTOCOLS_AVAILABLE);
return (-1);
@ -383,161 +361,112 @@ ssl23_client_hello(SSL *s)
s->client_version = version;
if (ssl2_compat) {
/* create SSL 2.0 compatible Client Hello */
/* create Client Hello in SSL 3.0/TLS 1.0 format */
/* two byte record header will be written last */
d = &(buf[2]);
p = d + 9; /* leave space for message type, version, individual length fields */
/*
* Do the record header (5 bytes) and handshake
* message header (4 bytes) last
*/
d = p = &(buf[9]);
*(d++) = SSL2_MT_CLIENT_HELLO;
*(d++) = version_major;
*(d++) = version_minor;
*(p++) = version_major;
*(p++) = version_minor;
/* Ciphers supported */
i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), p, 0);
if (i == 0) {
/* no ciphers */
SSLerr(SSL_F_SSL23_CLIENT_HELLO, SSL_R_NO_CIPHERS_AVAILABLE);
return -1;
}
s2n(i, d);
p += i;
/* Random stuff */
memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
p += SSL3_RANDOM_SIZE;
/* put in the session-id length (zero since there is no reuse) */
#if 0
s->session->session_id_length = 0;
#endif
s2n(0, d);
/* Session ID (zero since there is no reuse) */
*(p++) = 0;
if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG)
ch_len = SSL2_CHALLENGE_LENGTH;
else
ch_len = SSL2_MAX_CHALLENGE_LENGTH;
/* write out sslv2 challenge */
/* Note that ch_len must be <= SSL3_RANDOM_SIZE (32),
because it is one of SSL2_MAX_CHALLENGE_LENGTH (32)
or SSL2_MAX_CHALLENGE_LENGTH (16), but leave the
check in for futurproofing */
if (SSL3_RANDOM_SIZE < ch_len)
i = SSL3_RANDOM_SIZE;
else
i = ch_len;
s2n(i, d);
memset(&(s->s3->client_random[0]), 0, SSL3_RANDOM_SIZE);
if (RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE - i]), i) <= 0)
return -1;
memcpy(p, &(s->s3->client_random[SSL3_RANDOM_SIZE - i]), i);
p += i;
i = p- &(buf[2]);
buf[0] = ((i >> 8)&0xff)|0x80;
buf[1] = (i&0xff);
/* number of bytes to write */
s->init_num = i + 2;
s->init_off = 0;
ssl3_finish_mac(s, &(buf[2]), i);
} else {
/* create Client Hello in SSL 3.0/TLS 1.0 format */
/* do the record header (5 bytes) and handshake message header (4 bytes) last */
d = p = &(buf[9]);
*(p++) = version_major;
*(p++) = version_minor;
/* Random stuff */
memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
p += SSL3_RANDOM_SIZE;
/* Session ID (zero since there is no reuse) */
*(p++) = 0;
/* Ciphers supported (using SSL 3.0/TLS 1.0 format) */
i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]), ssl3_put_cipher_by_char);
if (i == 0) {
SSLerr(SSL_F_SSL23_CLIENT_HELLO, SSL_R_NO_CIPHERS_AVAILABLE);
return -1;
}
/* Ciphers supported (using SSL 3.0/TLS 1.0 format) */
i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]),
ssl3_put_cipher_by_char);
if (i == 0) {
SSLerr(SSL_F_SSL23_CLIENT_HELLO,
SSL_R_NO_CIPHERS_AVAILABLE);
return -1;
}
#ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH
/* Some servers hang if client hello > 256 bytes
* as hack workaround chop number of supported ciphers
* to keep it well below this if we use TLS v1.2
*/
if (TLS1_get_version(s) >= TLS1_2_VERSION &&
i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH)
i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1;
/*
* Some servers hang if client hello > 256 bytes
* as hack workaround chop number of supported ciphers
* to keep it well below this if we use TLS v1.2
*/
if (TLS1_get_version(s) >= TLS1_2_VERSION &&
i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH)
i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1;
#endif
s2n(i, p);
p += i;
s2n(i, p);
p += i;
/* COMPRESSION */
/* COMPRESSION */
#ifdef OPENSSL_NO_COMP
*(p++) = 1;
*(p++) = 1;
#else
if ((s->options & SSL_OP_NO_COMPRESSION) ||
!s->ctx->comp_methods)
j = 0;
else
j = sk_SSL_COMP_num(s->ctx->comp_methods);
*(p++) = 1 + j;
for (i = 0; i < j; i++) {
comp = sk_SSL_COMP_value(s->ctx->comp_methods, i);
*(p++) = comp->id;
}
if ((s->options & SSL_OP_NO_COMPRESSION) ||
!s->ctx->comp_methods)
j = 0;
else
j = sk_SSL_COMP_num(s->ctx->comp_methods);
*(p++) = 1 + j;
for (i = 0; i < j; i++) {
comp = sk_SSL_COMP_value(s->ctx->comp_methods, i);
*(p++) = comp->id;
}
#endif
*(p++)=0; /* Add the NULL method */
/* Add the NULL method */
*(p++) = 0;
#ifndef OPENSSL_NO_TLSEXT
/* TLS extensions*/
if (ssl_prepare_clienthello_tlsext(s) <= 0) {
SSLerr(SSL_F_SSL23_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT);
return -1;
}
if ((p = ssl_add_clienthello_tlsext(s, p, buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) {
SSLerr(SSL_F_SSL23_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
return -1;
}
/* TLS extensions*/
if (ssl_prepare_clienthello_tlsext(s) <= 0) {
SSLerr(SSL_F_SSL23_CLIENT_HELLO,
SSL_R_CLIENTHELLO_TLSEXT);
return -1;
}
if ((p = ssl_add_clienthello_tlsext(s, p,
buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) {
SSLerr(SSL_F_SSL23_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
return -1;
}
#endif
l = p - d;
l = p - d;
/* fill in 4-byte handshake header */
d = &(buf[5]);
*(d++) = SSL3_MT_CLIENT_HELLO;
l2n3(l, d);
/* fill in 4-byte handshake header */
d = &(buf[5]);
*(d++) = SSL3_MT_CLIENT_HELLO;
l2n3(l, d);
l += 4;
l += 4;
if (l > SSL3_RT_MAX_PLAIN_LENGTH) {
SSLerr(SSL_F_SSL23_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
return -1;
}
/* fill in 5-byte record header */
d = buf;
*(d++) = SSL3_RT_HANDSHAKE;
*(d++) = version_major;
/* Some servers hang if we use long client hellos
* and a record number > TLS 1.0.
*/
if (TLS1_get_client_version(s) > TLS1_VERSION)
*(d++) = 1;
else
*(d++) = version_minor;
s2n((int)l, d);
/* number of bytes to write */
s->init_num = p - buf;
s->init_off = 0;
ssl3_finish_mac(s, &(buf[5]), s->init_num - 5);
if (l > SSL3_RT_MAX_PLAIN_LENGTH) {
SSLerr(SSL_F_SSL23_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
return -1;
}
/* fill in 5-byte record header */
d = buf;
*(d++) = SSL3_RT_HANDSHAKE;
*(d++) = version_major;
/*
* Some servers hang if we use long client hellos
* and a record number > TLS 1.0.
*/
if (TLS1_get_client_version(s) > TLS1_VERSION)
*(d++) = 1;
else
*(d++) = version_minor;
s2n((int)l, d);
/* number of bytes to write */
s->init_num = p - buf;
s->init_off = 0;
ssl3_finish_mac(s, &(buf[5]), s->init_num - 5);
s->state = SSL23_ST_CW_CLNT_HELLO_B;
s->init_off = 0;
}
@ -548,10 +477,8 @@ ssl23_client_hello(SSL *s)
if ((ret >= 2) && s->msg_callback) {
/* Client Hello has been sent; tell msg_callback */
if (ssl2_compat)
s->msg_callback(1, SSL2_VERSION, 0, s->init_buf->data + 2, ret - 2, s, s->msg_callback_arg);
else
s->msg_callback(1, version, SSL3_RT_HANDSHAKE, s->init_buf->data + 5, ret - 5, s, s->msg_callback_arg);
s->msg_callback(1, version, SSL3_RT_HANDSHAKE,
s->init_buf->data + 5, ret - 5, s, s->msg_callback_arg);
}
return ret;
@ -573,11 +500,15 @@ ssl23_get_server_hello(SSL *s)
memcpy(buf, p, n);
/* Old unsupported sslv2 handshake */
if ((p[0] & 0x80) && (p[2] == SSL2_MT_SERVER_HELLO) &&
(p[5] == 0x00) && (p[6] == 0x02)) {
SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_R_UNSUPPORTED_PROTOCOL);
(p[5] == 0x00) && (p[6] == 0x02)) {
SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,
SSL_R_UNSUPPORTED_PROTOCOL);
goto err;
} else if (p[1] == SSL3_VERSION_MAJOR &&
}
if (p[1] == SSL3_VERSION_MAJOR &&
p[2] <= TLS1_2_VERSION_MINOR &&
((p[0] == SSL3_RT_HANDSHAKE && p[5] == SSL3_MT_SERVER_HELLO) ||
(p[0] == SSL3_RT_ALERT && p[3] == 0 && p[4] == 2))) {
@ -600,13 +531,13 @@ ssl23_get_server_hello(SSL *s)
s->version = TLS1_2_VERSION;
s->method = TLSv1_2_client_method();
} else {
SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_R_UNSUPPORTED_PROTOCOL);
SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,
SSL_R_UNSUPPORTED_PROTOCOL);
goto err;
}
if (p[0] == SSL3_RT_ALERT && p[5] != SSL3_AL_WARNING) {
/* fatal alert */
void (*cb)(const SSL *ssl, int type, int val) = NULL;
int j;
@ -622,10 +553,12 @@ ssl23_get_server_hello(SSL *s)
}
if (s->msg_callback)
s->msg_callback(0, s->version, SSL3_RT_ALERT, p + 5, 2, s, s->msg_callback_arg);
s->msg_callback(0, s->version, SSL3_RT_ALERT,
p + 5, 2, s, s->msg_callback_arg);
s->rwstate = SSL_NOTHING;
SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_AD_REASON_OFFSET + p[6]);
SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,
SSL_AD_REASON_OFFSET + p[6]);
goto err;
}
@ -654,8 +587,10 @@ ssl23_get_server_hello(SSL *s)
}
s->init_num = 0;
/* Since, if we are sending a ssl23 client hello, we are not
* reusing a session-id */
/*
* Since, if we are sending a ssl23 client hello, we are not
* reusing a session-id
*/
if (!ssl_get_new_session(s, 0))
goto err;

19
lib/libssl/s23_srvr.c
View File

@ -118,8 +118,8 @@
static const SSL_METHOD *ssl23_get_server_method(int ver);
int ssl23_get_client_hello(SSL *s);
static const SSL_METHOD
*ssl23_get_server_method(int ver)
static const SSL_METHOD *
ssl23_get_server_method(int ver)
{
if (ver == SSL3_VERSION)
return (SSLv3_server_method());
@ -402,7 +402,8 @@ ssl23_get_client_hello(SSL *s)
ssl3_finish_mac(s, s->packet + 2, s->packet_length - 2);
if (s->msg_callback)
s->msg_callback(0, SSL2_VERSION, 0, s->packet + 2, s->packet_length-2, s, s->msg_callback_arg); /* CLIENT-HELLO */
s->msg_callback(0, SSL2_VERSION, 0, s->packet + 2,
s->packet_length-2, s, s->msg_callback_arg);
p = s->packet;
p += 5;
@ -410,11 +411,15 @@ ssl23_get_client_hello(SSL *s)
n2s(p, sil);
n2s(p, cl);
d = (unsigned char *)s->init_buf->data;
if ((csl + sil + cl + 11) != s->packet_length) /* We can't have TLS extensions in SSL 2.0 format
* Client Hello, can we ? Error condition should be
* '>' otherweise */
if ((csl + sil + cl + 11) != s->packet_length)
{
SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_RECORD_LENGTH_MISMATCH);
/*
* We can't have TLS extensions in SSL 2.0 format
* Client Hello, can we ? Error condition should be
* '>' otherwise
*/
SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,
SSL_R_RECORD_LENGTH_MISMATCH);
goto err;
}

283
lib/libssl/src/ssl/s23_clnt.c
View File

@ -265,8 +265,10 @@ ssl23_no_ssl2_ciphers(SSL *s)
return 1;
}
/* Fill a ClientRandom or ServerRandom field of length len. Returns <= 0
* on failure, 1 on success. */
/*
* Fill a ClientRandom or ServerRandom field of length len. Returns <= 0
* on failure, 1 on success.
*/
int
ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len)
{
@ -294,7 +296,6 @@ ssl23_client_hello(SSL *s)
unsigned char *p, *d;
int i, ch_len;
unsigned long l;
int ssl2_compat;
int version = 0, version_major, version_minor;
#ifndef OPENSSL_NO_COMP
int j;
@ -303,11 +304,6 @@ ssl23_client_hello(SSL *s)
int ret;
unsigned long mask, options = s->options;
ssl2_compat = (options & SSL_OP_NO_SSLv2) ? 0 : 1;
if (ssl2_compat && ssl23_no_ssl2_ciphers(s))
ssl2_compat = 0;
/*
* SSL_OP_NO_X disables all protocols above X *if* there are
* some protocols below X enabled. This is required in order
@ -333,21 +329,6 @@ ssl23_client_hello(SSL *s)
version = SSL3_VERSION;
mask &= ~SSL_OP_NO_SSLv3;
#ifndef OPENSSL_NO_TLSEXT
if (version != SSL2_VERSION) {
/* have to disable SSL 2.0 compatibility if we need TLS extensions */
if (s->tlsext_hostname != NULL)
ssl2_compat = 0;
if (s->tlsext_status_type != -1)
ssl2_compat = 0;
#ifdef TLSEXT_TYPE_opaque_prf_input
if (s->ctx->tlsext_opaque_prf_input_callback != 0 || s->tlsext_opaque_prf_input != NULL)
ssl2_compat = 0;
#endif
}
#endif
buf = (unsigned char *)s->init_buf->data;
if (s->state == SSL23_ST_CW_CLNT_HELLO_A) {
#if 0
@ -373,9 +354,6 @@ ssl23_client_hello(SSL *s)
} else if (version == SSL3_VERSION) {
version_major = SSL3_VERSION_MAJOR;
version_minor = SSL3_VERSION_MINOR;
} else if (version == SSL2_VERSION) {
version_major = SSL2_VERSION_MAJOR;
version_minor = SSL2_VERSION_MINOR;
} else {
SSLerr(SSL_F_SSL23_CLIENT_HELLO, SSL_R_NO_PROTOCOLS_AVAILABLE);
return (-1);
@ -383,161 +361,112 @@ ssl23_client_hello(SSL *s)
s->client_version = version;
if (ssl2_compat) {
/* create SSL 2.0 compatible Client Hello */
/* create Client Hello in SSL 3.0/TLS 1.0 format */
/* two byte record header will be written last */
d = &(buf[2]);
p = d + 9; /* leave space for message type, version, individual length fields */
/*
* Do the record header (5 bytes) and handshake
* message header (4 bytes) last
*/
d = p = &(buf[9]);
*(d++) = SSL2_MT_CLIENT_HELLO;
*(d++) = version_major;
*(d++) = version_minor;
*(p++) = version_major;
*(p++) = version_minor;
/* Ciphers supported */
i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), p, 0);
if (i == 0) {
/* no ciphers */
SSLerr(SSL_F_SSL23_CLIENT_HELLO, SSL_R_NO_CIPHERS_AVAILABLE);
return -1;
}
s2n(i, d);
p += i;
/* Random stuff */
memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
p += SSL3_RANDOM_SIZE;
/* put in the session-id length (zero since there is no reuse) */
#if 0
s->session->session_id_length = 0;
#endif
s2n(0, d);
/* Session ID (zero since there is no reuse) */
*(p++) = 0;
if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG)
ch_len = SSL2_CHALLENGE_LENGTH;
else
ch_len = SSL2_MAX_CHALLENGE_LENGTH;
/* write out sslv2 challenge */
/* Note that ch_len must be <= SSL3_RANDOM_SIZE (32),
because it is one of SSL2_MAX_CHALLENGE_LENGTH (32)
or SSL2_MAX_CHALLENGE_LENGTH (16), but leave the
check in for futurproofing */
if (SSL3_RANDOM_SIZE < ch_len)
i = SSL3_RANDOM_SIZE;
else
i = ch_len;
s2n(i, d);
memset(&(s->s3->client_random[0]), 0, SSL3_RANDOM_SIZE);
if (RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE - i]), i) <= 0)
return -1;
memcpy(p, &(s->s3->client_random[SSL3_RANDOM_SIZE - i]), i);
p += i;
i = p- &(buf[2]);
buf[0] = ((i >> 8)&0xff)|0x80;
buf[1] = (i&0xff);
/* number of bytes to write */
s->init_num = i + 2;
s->init_off = 0;
ssl3_finish_mac(s, &(buf[2]), i);
} else {
/* create Client Hello in SSL 3.0/TLS 1.0 format */
/* do the record header (5 bytes) and handshake message header (4 bytes) last */
d = p = &(buf[9]);
*(p++) = version_major;
*(p++) = version_minor;
/* Random stuff */
memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
p += SSL3_RANDOM_SIZE;
/* Session ID (zero since there is no reuse) */
*(p++) = 0;
/* Ciphers supported (using SSL 3.0/TLS 1.0 format) */
i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]), ssl3_put_cipher_by_char);
if (i == 0) {
SSLerr(SSL_F_SSL23_CLIENT_HELLO, SSL_R_NO_CIPHERS_AVAILABLE);
return -1;
}
/* Ciphers supported (using SSL 3.0/TLS 1.0 format) */
i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]),
ssl3_put_cipher_by_char);
if (i == 0) {
SSLerr(SSL_F_SSL23_CLIENT_HELLO,
SSL_R_NO_CIPHERS_AVAILABLE);
return -1;
}
#ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH
/* Some servers hang if client hello > 256 bytes
* as hack workaround chop number of supported ciphers
* to keep it well below this if we use TLS v1.2
*/
if (TLS1_get_version(s) >= TLS1_2_VERSION &&
i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH)
i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1;
/*
* Some servers hang if client hello > 256 bytes
* as hack workaround chop number of supported ciphers
* to keep it well below this if we use TLS v1.2
*/
if (TLS1_get_version(s) >= TLS1_2_VERSION &&
i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH)
i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1;
#endif
s2n(i, p);
p += i;
s2n(i, p);
p += i;
/* COMPRESSION */
/* COMPRESSION */
#ifdef OPENSSL_NO_COMP
*(p++) = 1;
*(p++) = 1;
#else
if ((s->options & SSL_OP_NO_COMPRESSION) ||
!s->ctx->comp_methods)
j = 0;
else
j = sk_SSL_COMP_num(s->ctx->comp_methods);
*(p++) = 1 + j;
for (i = 0; i < j; i++) {
comp = sk_SSL_COMP_value(s->ctx->comp_methods, i);
*(p++) = comp->id;
}
if ((s->options & SSL_OP_NO_COMPRESSION) ||
!s->ctx->comp_methods)
j = 0;
else
j = sk_SSL_COMP_num(s->ctx->comp_methods);
*(p++) = 1 + j;
for (i = 0; i < j; i++) {
comp = sk_SSL_COMP_value(s->ctx->comp_methods, i);
*(p++) = comp->id;
}
#endif
*(p++)=0; /* Add the NULL method */
/* Add the NULL method */
*(p++) = 0;
#ifndef OPENSSL_NO_TLSEXT
/* TLS extensions*/
if (ssl_prepare_clienthello_tlsext(s) <= 0) {
SSLerr(SSL_F_SSL23_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT);
return -1;
}
if ((p = ssl_add_clienthello_tlsext(s, p, buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) {
SSLerr(SSL_F_SSL23_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
return -1;
}
/* TLS extensions*/
if (ssl_prepare_clienthello_tlsext(s) <= 0) {
SSLerr(SSL_F_SSL23_CLIENT_HELLO,
SSL_R_CLIENTHELLO_TLSEXT);
return -1;
}
if ((p = ssl_add_clienthello_tlsext(s, p,
buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) {
SSLerr(SSL_F_SSL23_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
return -1;
}
#endif
l = p - d;
l = p - d;
/* fill in 4-byte handshake header */
d = &(buf[5]);
*(d++) = SSL3_MT_CLIENT_HELLO;
l2n3(l, d);
/* fill in 4-byte handshake header */
d = &(buf[5]);
*(d++) = SSL3_MT_CLIENT_HELLO;
l2n3(l, d);
l += 4;
l += 4;
if (l > SSL3_RT_MAX_PLAIN_LENGTH) {
SSLerr(SSL_F_SSL23_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
return -1;
}
/* fill in 5-byte record header */
d = buf;
*(d++) = SSL3_RT_HANDSHAKE;
*(d++) = version_major;
/* Some servers hang if we use long client hellos
* and a record number > TLS 1.0.
*/
if (TLS1_get_client_version(s) > TLS1_VERSION)
*(d++) = 1;
else
*(d++) = version_minor;
s2n((int)l, d);
/* number of bytes to write */
s->init_num = p - buf;
s->init_off = 0;
ssl3_finish_mac(s, &(buf[5]), s->init_num - 5);
if (l > SSL3_RT_MAX_PLAIN_LENGTH) {
SSLerr(SSL_F_SSL23_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
return -1;
}
/* fill in 5-byte record header */
d = buf;
*(d++) = SSL3_RT_HANDSHAKE;
*(d++) = version_major;
/*
* Some servers hang if we use long client hellos
* and a record number > TLS 1.0.
*/
if (TLS1_get_client_version(s) > TLS1_VERSION)
*(d++) = 1;
else
*(d++) = version_minor;
s2n((int)l, d);
/* number of bytes to write */
s->init_num = p - buf;
s->init_off = 0;
ssl3_finish_mac(s, &(buf[5]), s->init_num - 5);
s->state = SSL23_ST_CW_CLNT_HELLO_B;
s->init_off = 0;
}
@ -548,10 +477,8 @@ ssl23_client_hello(SSL *s)
if ((ret >= 2) && s->msg_callback) {
/* Client Hello has been sent; tell msg_callback */
if (ssl2_compat)
s->msg_callback(1, SSL2_VERSION, 0, s->init_buf->data + 2, ret - 2, s, s->msg_callback_arg);
else
s->msg_callback(1, version, SSL3_RT_HANDSHAKE, s->init_buf->data + 5, ret - 5, s, s->msg_callback_arg);
s->msg_callback(1, version, SSL3_RT_HANDSHAKE,
s->init_buf->data + 5, ret - 5, s, s->msg_callback_arg);
}
return ret;
@ -573,11 +500,15 @@ ssl23_get_server_hello(SSL *s)
memcpy(buf, p, n);
/* Old unsupported sslv2 handshake */
if ((p[0] & 0x80) && (p[2] == SSL2_MT_SERVER_HELLO) &&
(p[5] == 0x00) && (p[6] == 0x02)) {
SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_R_UNSUPPORTED_PROTOCOL);
(p[5] == 0x00) && (p[6] == 0x02)) {
SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,
SSL_R_UNSUPPORTED_PROTOCOL);
goto err;
} else if (p[1] == SSL3_VERSION_MAJOR &&
}
if (p[1] == SSL3_VERSION_MAJOR &&
p[2] <= TLS1_2_VERSION_MINOR &&
((p[0] == SSL3_RT_HANDSHAKE && p[5] == SSL3_MT_SERVER_HELLO) ||
(p[0] == SSL3_RT_ALERT && p[3] == 0 && p[4] == 2))) {
@ -600,13 +531,13 @@ ssl23_get_server_hello(SSL *s)
s->version = TLS1_2_VERSION;
s->method = TLSv1_2_client_method();
} else {
SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_R_UNSUPPORTED_PROTOCOL);
SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,
SSL_R_UNSUPPORTED_PROTOCOL);
goto err;
}
if (p[0] == SSL3_RT_ALERT && p[5] != SSL3_AL_WARNING) {
/* fatal alert */
void (*cb)(const SSL *ssl, int type, int val) = NULL;
int j;
@ -622,10 +553,12 @@ ssl23_get_server_hello(SSL *s)
}
if (s->msg_callback)
s->msg_callback(0, s->version, SSL3_RT_ALERT, p + 5, 2, s, s->msg_callback_arg);
s->msg_callback(0, s->version, SSL3_RT_ALERT,
p + 5, 2, s, s->msg_callback_arg);
s->rwstate = SSL_NOTHING;
SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_AD_REASON_OFFSET + p[6]);
SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,
SSL_AD_REASON_OFFSET + p[6]);
goto err;
}
@ -654,8 +587,10 @@ ssl23_get_server_hello(SSL *s)
}
s->init_num = 0;
/* Since, if we are sending a ssl23 client hello, we are not
* reusing a session-id */
/*
* Since, if we are sending a ssl23 client hello, we are not
* reusing a session-id
*/
if (!ssl_get_new_session(s, 0))
goto err;

19
lib/libssl/src/ssl/s23_srvr.c
View File

@ -118,8 +118,8 @@
static const SSL_METHOD *ssl23_get_server_method(int ver);
int ssl23_get_client_hello(SSL *s);
static const SSL_METHOD
*ssl23_get_server_method(int ver)
static const SSL_METHOD *
ssl23_get_server_method(int ver)
{
if (ver == SSL3_VERSION)
return (SSLv3_server_method());
@ -402,7 +402,8 @@ ssl23_get_client_hello(SSL *s)
ssl3_finish_mac(s, s->packet + 2, s->packet_length - 2);
if (s->msg_callback)
s->msg_callback(0, SSL2_VERSION, 0, s->packet + 2, s->packet_length-2, s, s->msg_callback_arg); /* CLIENT-HELLO */
s->msg_callback(0, SSL2_VERSION, 0, s->packet + 2,
s->packet_length-2, s, s->msg_callback_arg);
p = s->packet;
p += 5;
@ -410,11 +411,15 @@ ssl23_get_client_hello(SSL *s)
n2s(p, sil);
n2s(p, cl);
d = (unsigned char *)s->init_buf->data;
if ((csl + sil + cl + 11) != s->packet_length) /* We can't have TLS extensions in SSL 2.0 format
* Client Hello, can we ? Error condition should be
* '>' otherweise */
if ((csl + sil + cl + 11) != s->packet_length)
{
SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_RECORD_LENGTH_MISMATCH);
/*
* We can't have TLS extensions in SSL 2.0 format
* Client Hello, can we ? Error condition should be
* '>' otherwise
*/
SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,
SSL_R_RECORD_LENGTH_MISMATCH);
goto err;
}

29
lib/libssl/src/ssl/ssl_asn1.c
View File

@ -165,16 +165,9 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
l = in->cipher_id;
else
l = in->cipher->id;
if (in->ssl_version == SSL2_VERSION) {
a.cipher.length = 3;
buf[0] = ((unsigned char)(l >> 16L))&0xff;
buf[1] = ((unsigned char)(l >> 8L))&0xff;
buf[2] = ((unsigned char)(l ))&0xff;
} else {
a.cipher.length = 2;
buf[0] = ((unsigned char)(l >> 8L))&0xff;
buf[1] = ((unsigned char)(l ))&0xff;
}
a.cipher.length = 2;
buf[0] = ((unsigned char)(l >> 8L))&0xff;
buf[1] = ((unsigned char)(l ))&0xff;
#ifndef OPENSSL_NO_COMP
if (in->compress_meth) {
@ -400,16 +393,7 @@ long length)
os.data = NULL;
os.length = 0;
M_ASN1_D2I_get_x(ASN1_OCTET_STRING, osp, d2i_ASN1_OCTET_STRING);
if (ssl_version == SSL2_VERSION) {
if (os.length != 3) {
c.error = SSL_R_CIPHER_CODE_WRONG_LENGTH;
goto err;
}
id = 0x02000000L|
((unsigned long)os.data[0]<<16L)|
((unsigned long)os.data[1]<< 8L)|
(unsigned long)os.data[2];
} else if ((ssl_version >> 8) >= SSL3_VERSION_MAJOR) {
if ((ssl_version >> 8) >= SSL3_VERSION_MAJOR) {
if (os.length != 2) {
c.error = SSL_R_CIPHER_CODE_WRONG_LENGTH;
goto err;
@ -426,10 +410,7 @@ long length)
ret->cipher_id = id;
M_ASN1_D2I_get_x(ASN1_OCTET_STRING, osp, d2i_ASN1_OCTET_STRING);
if ((ssl_version >> 8) >= SSL3_VERSION_MAJOR)
i = SSL3_MAX_SSL_SESSION_ID_LENGTH;
else /* if (ssl_version>>8 == SSL2_VERSION_MAJOR) */
i = SSL2_MAX_SSL_SESSION_ID_LENGTH;
i = SSL3_MAX_SSL_SESSION_ID_LENGTH;
if (os.length > i)
os.length = i;

84
lib/libssl/src/ssl/ssl_lib.c
View File

@ -250,7 +250,7 @@ SSL_clear(SSL *s)
return (1);
}
/** Used to change an SSL_CTXs default SSL method type */
/* Used to change an SSL_CTXs default SSL method type */
int
SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
{
@ -259,8 +259,7 @@ SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
ctx->method = meth;
sk = ssl_create_cipher_list(ctx->method, &(ctx->cipher_list),
&(ctx->cipher_list_by_id),
meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST);
&(ctx->cipher_list_by_id), SSL_DEFAULT_CIPHER_LIST);
if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
return (0);
@ -437,11 +436,13 @@ int
SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
unsigned int id_len)
{
/* A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how
* we can "construct" a session to give us the desired check - ie. to
* find if there's a session in the hash table that would conflict with
* any new session built out of this id/id_len and the ssl_version in
* use by this SSL. */
/*
* A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp
* shows how we can "construct" a session to give us the desired
* check - ie. to find if there's a session in the hash table
* that would conflict with any new session built out of this
* id/id_len and the ssl_version in use by this SSL.
*/
SSL_SESSION r, *p;
if (id_len > sizeof r.session_id)
@ -450,16 +451,6 @@ SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
r.ssl_version = ssl->version;
r.session_id_length = id_len;
memcpy(r.session_id, id, id_len);
/* NB: SSLv2 always uses a fixed 16-byte session ID, so even if a
* callback is calling us to check the uniqueness of a shorter ID, it
* must be compared as a padded-out ID because that is what it will be
* converted to when the callback has finished choosing it. */
if ((r.ssl_version == SSL2_VERSION) &&
(id_len < SSL2_SSL_SESSION_ID_LENGTH)) {
memset(r.session_id + id_len, 0,
SSL2_SSL_SESSION_ID_LENGTH - id_len);
r.session_id_length = SSL2_SSL_SESSION_ID_LENGTH;
}
CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r);
@ -1777,11 +1768,10 @@ SSL_CTX
if (ret->cert_store == NULL)
goto err;
ssl_create_cipher_list(ret->method,
&ret->cipher_list, &ret->cipher_list_by_id,
meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST);
if (ret->cipher_list == NULL
|| sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
ssl_create_cipher_list(ret->method, &ret->cipher_list,
&ret->cipher_list_by_id, SSL_DEFAULT_CIPHER_LIST);
if (ret->cipher_list == NULL ||
sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
goto err2;
}
@ -1790,10 +1780,6 @@ SSL_CTX
if (!ret->param)
goto err;
if ((ret->rsa_md5 = EVP_get_digestbyname("ssl2-md5")) == NULL) {
SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES);
goto err2;
}
if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) {
SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
goto err2;
@ -2483,15 +2469,16 @@ SSL_get_error(const SSL *s, int i)
if (BIO_should_read(bio))
return (SSL_ERROR_WANT_READ);
else if (BIO_should_write(bio))
/* This one doesn't make too much sense ... We never try
* to write to the rbio, and an application program where
* rbio and wbio are separate couldn't even know what it
* should wait for.
* However if we ever set s->rwstate incorrectly
* (so that we have SSL_want_read(s) instead of
* SSL_want_write(s)) and rbio and wbio *are* the same,
* this test works around that bug; so it might be safer
* to keep it. */
/*
* This one doesn't make too much sense... We never
* try to write to the rbio, and an application
* program where rbio and wbio are separate couldn't
* even know what it should wait for. However if we
* ever set s->rwstate incorrectly (so that we have
* SSL_want_read(s) instead of SSL_want_write(s))
* and rbio and wbio *are* the same, this test works
* around that bug; so it might be safer to keep it.
*/
return (SSL_ERROR_WANT_WRITE);
else if (BIO_should_io_special(bio)) {
reason = BIO_get_retry_reason(bio);
@ -2526,14 +2513,9 @@ SSL_get_error(const SSL *s, int i)
}
if (i == 0) {
if (s->version == SSL2_VERSION) {
/* assume it is the socket being closed */
return (SSL_ERROR_ZERO_RETURN);
} else {
if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
(s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
return (SSL_ERROR_ZERO_RETURN);
}
if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
(s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
return (SSL_ERROR_ZERO_RETURN);
}
return (SSL_ERROR_SYSCALL);
}
@ -2605,15 +2587,15 @@ ssl_undefined_const_function(const SSL *s)
return (0);
}
SSL_METHOD
*ssl_bad_method(int ver)
SSL_METHOD *
ssl_bad_method(int ver)
{
SSLerr(SSL_F_SSL_BAD_METHOD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return (NULL);
}
const char
*SSL_get_version(const SSL *s)
const char *
SSL_get_version(const SSL *s)
{
if (s->version == TLS1_2_VERSION)
return("TLSv1.2");
@ -2623,14 +2605,12 @@ const char
return("TLSv1");
else if (s->version == SSL3_VERSION)
return("SSLv3");
else if (s->version == SSL2_VERSION)
return("SSLv2");
else
return("unknown");
}
SSL
*SSL_dup(SSL *s)
SSL *
SSL_dup(SSL *s)
{
STACK_OF(X509_NAME) *sk;
X509_NAME *xn;

39
lib/libssl/src/ssl/ssl_locl.h
View File

@ -521,7 +521,7 @@ typedef struct cert_st {
typedef struct sess_cert_st {
STACK_OF(X509) *cert_chain; /* as received from peer (not for SSL2) */
STACK_OF(X509) *cert_chain; /* as received from peer */
/* The 'peer_...' members are used only by clients. */
int peer_cert_type;
@ -731,43 +731,6 @@ const SSL_METHOD *func_name(void) \
return &func_name##_data; \
}
#define IMPLEMENT_ssl2_meth_func(func_name, s_accept, s_connect, s_get_meth) \
const SSL_METHOD *func_name(void) \
{ \
static const SSL_METHOD func_name##_data= { \
SSL2_VERSION, \
ssl2_new, /* local */ \
ssl2_clear, /* local */ \
ssl2_free, /* local */ \
s_accept, \
s_connect, \
ssl2_read, \
ssl2_peek, \
ssl2_write, \
ssl2_shutdown, \
ssl_ok, /* NULL - renegotiate */ \
ssl_ok, /* NULL - check renegotiate */ \
NULL, /* NULL - ssl_get_message */ \
NULL, /* NULL - ssl_get_record */ \
NULL, /* NULL - ssl_write_bytes */ \
NULL, /* NULL - dispatch_alert */ \
ssl2_ctrl, /* local */ \
ssl2_ctx_ctrl, /* local */ \
ssl2_get_cipher_by_char, \
ssl2_put_cipher_by_char, \
ssl2_pending, \
ssl2_num_ciphers, \
ssl2_get_cipher, \
s_get_meth, \
ssl2_default_timeout, \
&ssl3_undef_enc_method, \
ssl_undefined_void_function, \
ssl2_callback_ctrl, /* local */ \
ssl2_ctx_callback_ctrl, /* local */ \
}; \
return &func_name##_data; \
}
#define IMPLEMENT_dtls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \
const SSL_METHOD *func_name(void) \
{ \

40
lib/libssl/src/ssl/ssl_sess.c
View File

@ -301,29 +301,19 @@ ssl_get_new_session(SSL *s, int session)
}
if (session) {
if (s->version == SSL2_VERSION) {
ss->ssl_version = SSL2_VERSION;
ss->session_id_length = SSL2_SSL_SESSION_ID_LENGTH;
} else if (s->version == SSL3_VERSION) {
ss->ssl_version = SSL3_VERSION;
switch (s->version) {
case SSL3_VERSION:
case TLS1_VERSION:
case TLS1_1_VERSION:
case TLS1_2_VERSION:
case DTLS1_BAD_VER:
case DTLS1_VERSION:
ss->ssl_version = s->version;
ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
} else if (s->version == TLS1_VERSION) {
ss->ssl_version = TLS1_VERSION;
ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
} else if (s->version == TLS1_1_VERSION) {
ss->ssl_version = TLS1_1_VERSION;
ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
} else if (s->version == TLS1_2_VERSION) {
ss->ssl_version = TLS1_2_VERSION;
ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
} else if (s->version == DTLS1_BAD_VER) {
ss->ssl_version = DTLS1_BAD_VER;
ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
} else if (s->version == DTLS1_VERSION) {
ss->ssl_version = DTLS1_VERSION;
ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
} else {
SSLerr(SSL_F_SSL_GET_NEW_SESSION, SSL_R_UNSUPPORTED_SSL_VERSION);
break;
default:
SSLerr(SSL_F_SSL_GET_NEW_SESSION,
SSL_R_UNSUPPORTED_SSL_VERSION);
SSL_SESSION_free(ss);
return (0);
}
@ -359,11 +349,7 @@ ssl_get_new_session(SSL *s, int session)
SSL_SESSION_free(ss);
return (0);
}
/* If the session length was shrunk and we're SSLv2, pad it */
if ((tmp < ss->session_id_length) && (s->version == SSL2_VERSION))
memset(ss->session_id + tmp, 0, ss->session_id_length - tmp);
else
ss->session_id_length = tmp;
ss->session_id_length = tmp;
/* Finally, check for a conflict */
if (SSL_has_matching_session_id(s, ss->session_id,
ss->session_id_length)) {

4
lib/libssl/src/ssl/ssl_txt.c
View File

@ -114,9 +114,7 @@ SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
goto err;
if (BIO_puts(bp, "SSL-Session:\n")
<= 0) goto err;
if (x->ssl_version == SSL2_VERSION)
s="SSLv2";
else if (x->ssl_version == SSL3_VERSION)
if (x->ssl_version == SSL3_VERSION)
s="SSLv3";
else if (x->ssl_version == TLS1_2_VERSION)
s="TLSv1.2";

29
lib/libssl/ssl_asn1.c
View File

@ -165,16 +165,9 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
l = in->cipher_id;
else
l = in->cipher->id;
if (in->ssl_version == SSL2_VERSION) {
a.cipher.length = 3;
buf[0] = ((unsigned char)(l >> 16L))&0xff;
buf[1] = ((unsigned char)(l >> 8L))&0xff;
buf[2] = ((unsigned char)(l ))&0xff;
} else {
a.cipher.length = 2;
buf[0] = ((unsigned char)(l >> 8L))&0xff;
buf[1] = ((unsigned char)(l ))&0xff;
}
a.cipher.length = 2;
buf[0] = ((unsigned char)(l >> 8L))&0xff;
buf[1] = ((unsigned char)(l ))&0xff;
#ifndef OPENSSL_NO_COMP
if (in->compress_meth) {
@ -400,16 +393,7 @@ long length)
os.data = NULL;
os.length = 0;
M_ASN1_D2I_get_x(ASN1_OCTET_STRING, osp, d2i_ASN1_OCTET_STRING);
if (ssl_version == SSL2_VERSION) {
if (os.length != 3) {
c.error = SSL_R_CIPHER_CODE_WRONG_LENGTH;
goto err;
}
id = 0x02000000L|
((unsigned long)os.data[0]<<16L)|
((unsigned long)os.data[1]<< 8L)|
(unsigned long)os.data[2];
} else if ((ssl_version >> 8) >= SSL3_VERSION_MAJOR) {
if ((ssl_version >> 8) >= SSL3_VERSION_MAJOR) {
if (os.length != 2) {
c.error = SSL_R_CIPHER_CODE_WRONG_LENGTH;
goto err;
@ -426,10 +410,7 @@ long length)
ret->cipher_id = id;
M_ASN1_D2I_get_x(ASN1_OCTET_STRING, osp, d2i_ASN1_OCTET_STRING);
if ((ssl_version >> 8) >= SSL3_VERSION_MAJOR)
i = SSL3_MAX_SSL_SESSION_ID_LENGTH;
else /* if (ssl_version>>8 == SSL2_VERSION_MAJOR) */
i = SSL2_MAX_SSL_SESSION_ID_LENGTH;
i = SSL3_MAX_SSL_SESSION_ID_LENGTH;
if (os.length > i)
os.length = i;

84
lib/libssl/ssl_lib.c
View File

@ -250,7 +250,7 @@ SSL_clear(SSL *s)
return (1);
}
/** Used to change an SSL_CTXs default SSL method type */
/* Used to change an SSL_CTXs default SSL method type */
int
SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
{
@ -259,8 +259,7 @@ SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
ctx->method = meth;
sk = ssl_create_cipher_list(ctx->method, &(ctx->cipher_list),
&(ctx->cipher_list_by_id),
meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST);
&(ctx->cipher_list_by_id), SSL_DEFAULT_CIPHER_LIST);
if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
return (0);
@ -437,11 +436,13 @@ int
SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
unsigned int id_len)
{
/* A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how
* we can "construct" a session to give us the desired check - ie. to
* find if there's a session in the hash table that would conflict with
* any new session built out of this id/id_len and the ssl_version in
* use by this SSL. */
/*
* A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp
* shows how we can "construct" a session to give us the desired
* check - ie. to find if there's a session in the hash table
* that would conflict with any new session built out of this
* id/id_len and the ssl_version in use by this SSL.
*/
SSL_SESSION r, *p;
if (id_len > sizeof r.session_id)
@ -450,16 +451,6 @@ SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
r.ssl_version = ssl->version;
r.session_id_length = id_len;
memcpy(r.session_id, id, id_len);
/* NB: SSLv2 always uses a fixed 16-byte session ID, so even if a
* callback is calling us to check the uniqueness of a shorter ID, it
* must be compared as a padded-out ID because that is what it will be
* converted to when the callback has finished choosing it. */
if ((r.ssl_version == SSL2_VERSION) &&
(id_len < SSL2_SSL_SESSION_ID_LENGTH)) {
memset(r.session_id + id_len, 0,
SSL2_SSL_SESSION_ID_LENGTH - id_len);
r.session_id_length = SSL2_SSL_SESSION_ID_LENGTH;
}
CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r);
@ -1777,11 +1768,10 @@ SSL_CTX
if (ret->cert_store == NULL)
goto err;
ssl_create_cipher_list(ret->method,
&ret->cipher_list, &ret->cipher_list_by_id,
meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST);
if (ret->cipher_list == NULL
|| sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
ssl_create_cipher_list(ret->method, &ret->cipher_list,
&ret->cipher_list_by_id, SSL_DEFAULT_CIPHER_LIST);
if (ret->cipher_list == NULL ||
sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
goto err2;
}
@ -1790,10 +1780,6 @@ SSL_CTX
if (!ret->param)
goto err;
if ((ret->rsa_md5 = EVP_get_digestbyname("ssl2-md5")) == NULL) {
SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES);
goto err2;
}
if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) {
SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
goto err2;
@ -2483,15 +2469,16 @@ SSL_get_error(const SSL *s, int i)
if (BIO_should_read(bio))
return (SSL_ERROR_WANT_READ);
else if (BIO_should_write(bio))
/* This one doesn't make too much sense ... We never try
* to write to the rbio, and an application program where
* rbio and wbio are separate couldn't even know what it
* should wait for.
* However if we ever set s->rwstate incorrectly
* (so that we have SSL_want_read(s) instead of
* SSL_want_write(s)) and rbio and wbio *are* the same,
* this test works around that bug; so it might be safer
* to keep it. */
/*
* This one doesn't make too much sense... We never
* try to write to the rbio, and an application
* program where rbio and wbio are separate couldn't
* even know what it should wait for. However if we
* ever set s->rwstate incorrectly (so that we have
* SSL_want_read(s) instead of SSL_want_write(s))
* and rbio and wbio *are* the same, this test works
* around that bug; so it might be safer to keep it.
*/
return (SSL_ERROR_WANT_WRITE);
else if (BIO_should_io_special(bio)) {
reason = BIO_get_retry_reason(bio);
@ -2526,14 +2513,9 @@ SSL_get_error(const SSL *s, int i)
}
if (i == 0) {
if (s->version == SSL2_VERSION) {
/* assume it is the socket being closed */
return (SSL_ERROR_ZERO_RETURN);
} else {
if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
(s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
return (SSL_ERROR_ZERO_RETURN);
}
if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
(s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
return (SSL_ERROR_ZERO_RETURN);
}
return (SSL_ERROR_SYSCALL);
}
@ -2605,15 +2587,15 @@ ssl_undefined_const_function(const SSL *s)
return (0);
}
SSL_METHOD
*ssl_bad_method(int ver)
SSL_METHOD *
ssl_bad_method(int ver)
{
SSLerr(SSL_F_SSL_BAD_METHOD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return (NULL);
}
const char
*SSL_get_version(const SSL *s)
const char *
SSL_get_version(const SSL *s)
{
if (s->version == TLS1_2_VERSION)
return("TLSv1.2");
@ -2623,14 +2605,12 @@ const char
return("TLSv1");
else if (s->version == SSL3_VERSION)
return("SSLv3");
else if (s->version == SSL2_VERSION)
return("SSLv2");
else
return("unknown");
}
SSL
*SSL_dup(SSL *s)
SSL *
SSL_dup(SSL *s)
{
STACK_OF(X509_NAME) *sk;
X509_NAME *xn;

39
lib/libssl/ssl_locl.h
View File

@ -521,7 +521,7 @@ typedef struct cert_st {
typedef struct sess_cert_st {
STACK_OF(X509) *cert_chain; /* as received from peer (not for SSL2) */
STACK_OF(X509) *cert_chain; /* as received from peer */
/* The 'peer_...' members are used only by clients. */
int peer_cert_type;
@ -731,43 +731,6 @@ const SSL_METHOD *func_name(void) \
return &func_name##_data; \
}
#define IMPLEMENT_ssl2_meth_func(func_name, s_accept, s_connect, s_get_meth) \
const SSL_METHOD *func_name(void) \
{ \
static const SSL_METHOD func_name##_data= { \
SSL2_VERSION, \
ssl2_new, /* local */ \
ssl2_clear, /* local */ \
ssl2_free, /* local */ \
s_accept, \
s_connect, \
ssl2_read, \
ssl2_peek, \
ssl2_write, \
ssl2_shutdown, \
ssl_ok, /* NULL - renegotiate */ \
ssl_ok, /* NULL - check renegotiate */ \
NULL, /* NULL - ssl_get_message */ \
NULL, /* NULL - ssl_get_record */ \
NULL, /* NULL - ssl_write_bytes */ \
NULL, /* NULL - dispatch_alert */ \
ssl2_ctrl, /* local */ \
ssl2_ctx_ctrl, /* local */ \
ssl2_get_cipher_by_char, \
ssl2_put_cipher_by_char, \
ssl2_pending, \
ssl2_num_ciphers, \
ssl2_get_cipher, \
s_get_meth, \
ssl2_default_timeout, \
&ssl3_undef_enc_method, \
ssl_undefined_void_function, \
ssl2_callback_ctrl, /* local */ \
ssl2_ctx_callback_ctrl, /* local */ \
}; \
return &func_name##_data; \
}
#define IMPLEMENT_dtls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \
const SSL_METHOD *func_name(void) \
{ \

40
lib/libssl/ssl_sess.c
View File

@ -301,29 +301,19 @@ ssl_get_new_session(SSL *s, int session)
}
if (session) {
if (s->version == SSL2_VERSION) {
ss->ssl_version = SSL2_VERSION;
ss->session_id_length = SSL2_SSL_SESSION_ID_LENGTH;
} else if (s->version == SSL3_VERSION) {
ss->ssl_version = SSL3_VERSION;
switch (s->version) {
case SSL3_VERSION:
case TLS1_VERSION:
case TLS1_1_VERSION:
case TLS1_2_VERSION:
case DTLS1_BAD_VER:
case DTLS1_VERSION:
ss->ssl_version = s->version;
ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
} else if (s->version == TLS1_VERSION) {
ss->ssl_version = TLS1_VERSION;
ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
} else if (s->version == TLS1_1_VERSION) {
ss->ssl_version = TLS1_1_VERSION;
ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
} else if (s->version == TLS1_2_VERSION) {
ss->ssl_version = TLS1_2_VERSION;
ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
} else if (s->version == DTLS1_BAD_VER) {
ss->ssl_version = DTLS1_BAD_VER;
ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
} else if (s->version == DTLS1_VERSION) {
ss->ssl_version = DTLS1_VERSION;
ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
} else {
SSLerr(SSL_F_SSL_GET_NEW_SESSION, SSL_R_UNSUPPORTED_SSL_VERSION);
break;
default:
SSLerr(SSL_F_SSL_GET_NEW_SESSION,
SSL_R_UNSUPPORTED_SSL_VERSION);
SSL_SESSION_free(ss);
return (0);
}
@ -359,11 +349,7 @@ ssl_get_new_session(SSL *s, int session)
SSL_SESSION_free(ss);
return (0);
}
/* If the session length was shrunk and we're SSLv2, pad it */
if ((tmp < ss->session_id_length) && (s->version == SSL2_VERSION))
memset(ss->session_id + tmp, 0, ss->session_id_length - tmp);
else
ss->session_id_length = tmp;
ss->session_id_length = tmp;
/* Finally, check for a conflict */
if (SSL_has_matching_session_id(s, ss->session_id,
ss->session_id_length)) {

4
lib/libssl/ssl_txt.c
View File

@ -114,9 +114,7 @@ SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
goto err;
if (BIO_puts(bp, "SSL-Session:\n")
<= 0) goto err;
if (x->ssl_version == SSL2_VERSION)
s="SSLv2";
else if (x->ssl_version == SSL3_VERSION)
if (x->ssl_version == SSL3_VERSION)
s="SSLv3";
else if (x->ssl_version == TLS1_2_VERSION)
s="TLSv1.2";