/* ssl/s23_srvr.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
/* ====================================================================
 * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    openssl-core@openssl.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */

#include <stdio.h>
#include "ssl_locl.h"
#include <openssl/buffer.h>
#include <openssl/rand.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
#endif

static const SSL_METHOD *ssl23_get_server_method(int ver);
int ssl23_get_client_hello(SSL *s);
static const SSL_METHOD *ssl23_get_server_method(int ver)
	{
#ifndef OPENSSL_NO_SSL2
	if (ver == SSL2_VERSION)
		return(SSLv2_server_method());
#endif
	if (ver == SSL3_VERSION)
		return(SSLv3_server_method());
	else if (ver == TLS1_VERSION)
		return(TLSv1_server_method());
	else if (ver == TLS1_1_VERSION)
		return(TLSv1_1_server_method());
	else if (ver == TLS1_2_VERSION)
		return(TLSv1_2_server_method());
	else
		return(NULL);
	}

IMPLEMENT_ssl23_meth_func(SSLv23_server_method,
			ssl23_accept,
			ssl_undefined_function,
			ssl23_get_server_method)

int ssl23_accept(SSL *s)
	{
	BUF_MEM *buf;
	unsigned long Time=(unsigned long)time(NULL);
	void (*cb)(const SSL *ssl,int type,int val)=NULL;
	int ret= -1;
	int new_state,state;

	RAND_add(&Time,sizeof(Time),0);
	ERR_clear_error();
	clear_sys_error();

	if (s->info_callback != NULL)
		cb=s->info_callback;
	else if (s->ctx->info_callback != NULL)
		cb=s->ctx->info_callback;

	s->in_handshake++;
	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);

	for (;;)
		{
		state=s->state;

		switch(s->state)
			{
		case SSL_ST_BEFORE:
		case SSL_ST_ACCEPT:
		case SSL_ST_BEFORE|SSL_ST_ACCEPT:
		case SSL_ST_OK|SSL_ST_ACCEPT:

			s->server=1;
			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);

			/* s->version=SSL3_VERSION; */
			s->type=SSL_ST_ACCEPT;

			if (s->init_buf == NULL)
				{
				if ((buf=BUF_MEM_new()) == NULL)
					{
					ret= -1;
					goto end;
					}
				if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
					{
					ret= -1;
					goto end;
					}
				s->init_buf=buf;
				}

			ssl3_init_finished_mac(s);

			s->state=SSL23_ST_SR_CLNT_HELLO_A;
			s->ctx->stats.sess_accept++;
			s->init_num=0;
			break;

		case SSL23_ST_SR_CLNT_HELLO_A:
		case SSL23_ST_SR_CLNT_HELLO_B:

			s->shutdown=0;
			ret=ssl23_get_client_hello(s);
			if (ret >= 0) cb=NULL;
			goto end;
			/* break; */

		default:
			SSLerr(SSL_F_SSL23_ACCEPT,SSL_R_UNKNOWN_STATE);
			ret= -1;
			goto end;
			/* break; */
			}

		if ((cb != NULL) && (s->state != state))
			{
			new_state=s->state;
			s->state=state;
			cb(s,SSL_CB_ACCEPT_LOOP,1);
			s->state=new_state;
			}
		}
end:
	s->in_handshake--;
	if (cb != NULL)
		cb(s,SSL_CB_ACCEPT_EXIT,ret);
	return(ret);
	}


int ssl23_get_client_hello(SSL *s)
	{
	char buf_space[11]; /* Request this many bytes in initial read.
	                     * We can detect SSL 3.0/TLS 1.0 Client Hellos
	                     * ('type == 3') correctly only when the following
	                     * is in a single record, which is not guaranteed by
	                     * the protocol specification:
	                     * Byte  Content
	                     *  0     type            \
	                     *  1/2   version          > record header
	                     *  3/4   length          /
	                     *  5     msg_type        \
	                     *  6-8   length           > Client Hello message
	                     *  9/10  client_version  /
	                     */
	char *buf= &(buf_space[0]);
	unsigned char *p,*d,*d_len,*dd;
	unsigned int i;
	unsigned int csl,sil,cl;
	int n=0,j;
	int type=0;
	int v[2];

	if (s->state ==	SSL23_ST_SR_CLNT_HELLO_A)
		{
		/* read the initial header */
		v[0]=v[1]=0;

		if (!ssl3_setup_buffers(s)) goto err;

		n=ssl23_read_bytes(s, sizeof buf_space);
		if (n != sizeof buf_space) return(n); /* n == -1 || n == 0 */

		p=s->packet;

		memcpy(buf,p,n);

		if ((p[0] & 0x80) && (p[2] == SSL2_MT_CLIENT_HELLO))
			{
			/*
			 * SSLv2 header
			 */
			if ((p[3] == 0x00) && (p[4] == 0x02))
				{
				v[0]=p[3]; v[1]=p[4];
				/* SSLv2 */
				if (!(s->options & SSL_OP_NO_SSLv2))
					type=1;
				}
			else if (p[3] == SSL3_VERSION_MAJOR)
				{
				v[0]=p[3]; v[1]=p[4];
				/* SSLv3/TLSv1 */
				if (p[4] >= TLS1_VERSION_MINOR)
					{
					if (p[4] >= TLS1_2_VERSION_MINOR &&
					   !(s->options & SSL_OP_NO_TLSv1_2))
						{
						s->version=TLS1_2_VERSION;
						s->state=SSL23_ST_SR_CLNT_HELLO_B;
						}
					else if (p[4] >= TLS1_1_VERSION_MINOR &&
					   !(s->options & SSL_OP_NO_TLSv1_1))
						{
						s->version=TLS1_1_VERSION;
						/* type=2; */ /* done later to survive restarts */
						s->state=SSL23_ST_SR_CLNT_HELLO_B;
						}
					else if (!(s->options & SSL_OP_NO_TLSv1))
						{
						s->version=TLS1_VERSION;
						/* type=2; */ /* done later to survive restarts */
						s->state=SSL23_ST_SR_CLNT_HELLO_B;
						}
					else if (!(s->options & SSL_OP_NO_SSLv3))
						{
						s->version=SSL3_VERSION;
						/* type=2; */
						s->state=SSL23_ST_SR_CLNT_HELLO_B;
						}
					else if (!(s->options & SSL_OP_NO_SSLv2))
						{
						type=1;
						}
					}
				else if (!(s->options & SSL_OP_NO_SSLv3))
					{
					s->version=SSL3_VERSION;
					/* type=2; */
					s->state=SSL23_ST_SR_CLNT_HELLO_B;
					}
				else if (!(s->options & SSL_OP_NO_SSLv2))
					type=1;

				}
			}
		else if ((p[0] == SSL3_RT_HANDSHAKE) &&
			 (p[1] == SSL3_VERSION_MAJOR) &&
			 (p[5] == SSL3_MT_CLIENT_HELLO) &&
			 ((p[3] == 0 && p[4] < 5 /* silly record length? */)
				|| (p[9] >= p[1])))
			{
			/*
			 * SSLv3 or tls1 header
			 */

			v[0]=p[1]; /* major version (= SSL3_VERSION_MAJOR) */
			/* We must look at client_version inside the Client Hello message
			 * to get the correct minor version.
			 * However if we have only a pathologically small fragment of the
			 * Client Hello message, this would be difficult, and we'd have
			 * to read more records to find out.
			 * No known SSL 3.0 client fragments ClientHello like this,
			 * so we simply assume TLS 1.0 to avoid protocol version downgrade
			 * attacks.
*/ 353656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (p[3] == 0 && p[4] < 6) 354656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 355656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#if 0 356656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_SMALL); 357656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 358656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#else 359656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project v[1] = TLS1_VERSION_MINOR; 360656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 361656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 36298d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom /* if major version number > 3 set minor to a value 36398d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom * which will use the highest version 3 we support. 36498d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom * If TLS 2.0 ever appears we will need to revise 36598d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom * this.... 
36698d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom */ 36798d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom else if (p[9] > SSL3_VERSION_MAJOR) 36898d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom v[1]=0xff; 369656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 370656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project v[1]=p[10]; /* minor version according to client_version */ 371656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (v[1] >= TLS1_VERSION_MINOR) 372656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 373392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (v[1] >= TLS1_2_VERSION_MINOR && 374392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom !(s->options & SSL_OP_NO_TLSv1_2)) 375392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 376392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->version=TLS1_2_VERSION; 377392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom type=3; 378392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 379392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom else if (v[1] >= TLS1_1_VERSION_MINOR && 380392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom !(s->options & SSL_OP_NO_TLSv1_1)) 381392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 382392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->version=TLS1_1_VERSION; 383392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom type=3; 384392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 385392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom else if (!(s->options & SSL_OP_NO_TLSv1)) 386656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 387656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->version=TLS1_VERSION; 388656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project type=3; 389656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 
390656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!(s->options & SSL_OP_NO_SSLv3)) 391656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 392656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->version=SSL3_VERSION; 393656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project type=3; 394656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 395656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 396656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 397656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 398656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* client requests SSL 3.0 */ 399656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!(s->options & SSL_OP_NO_SSLv3)) 400656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 401656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->version=SSL3_VERSION; 402656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project type=3; 403656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 404656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!(s->options & SSL_OP_NO_TLSv1)) 405656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 406656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* we won't be able to use TLS of course, 407656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * but this will send an appropriate alert */ 408656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->version=TLS1_VERSION; 409656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project type=3; 410656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 411656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source 
Project } 412656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 413656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if ((strncmp("GET ", (char *)p,4) == 0) || 414656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project (strncmp("POST ",(char *)p,5) == 0) || 415656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project (strncmp("HEAD ",(char *)p,5) == 0) || 416656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project (strncmp("PUT ", (char *)p,4) == 0)) 417656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 418656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTP_REQUEST); 419656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 420656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 421656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (strncmp("CONNECT",(char *)p,7) == 0) 422656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 423656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTPS_PROXY_REQUEST); 424656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 425656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 426656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 427656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 428392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#ifdef OPENSSL_FIPS 429392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (FIPS_mode() && (s->version < TLS1_VERSION)) 430392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 431392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, 432392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 
SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); 433392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom goto err; 434392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 435392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#endif 436392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 437656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->state == SSL23_ST_SR_CLNT_HELLO_B) 438656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 439656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* we have SSLv3/TLSv1 in an SSLv2 header 440656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * (other cases skip this state) */ 441656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 442656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project type=2; 443656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project p=s->packet; 444656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project v[0] = p[3]; /* == SSL3_VERSION_MAJOR */ 445656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project v[1] = p[4]; 446656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 4471fada29eaaa2a758ba3f68ee9ede8b6715673146Nagendra Modadugu/* The SSL2 protocol allows n to be larger, just pick 4481fada29eaaa2a758ba3f68ee9ede8b6715673146Nagendra Modadugu * a reasonable buffer size. */ 4491fada29eaaa2a758ba3f68ee9ede8b6715673146Nagendra Modadugu#if SSL3_RT_DEFAULT_PACKET_SIZE < 1024*4 - SSL3_RT_DEFAULT_WRITE_OVERHEAD 4501fada29eaaa2a758ba3f68ee9ede8b6715673146Nagendra Modadugu#error "SSL3_RT_DEFAULT_PACKET_SIZE is too small." 
4511fada29eaaa2a758ba3f68ee9ede8b6715673146Nagendra Modadugu#endif 452656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project n=((p[0]&0x7f)<<8)|p[1]; 4531fada29eaaa2a758ba3f68ee9ede8b6715673146Nagendra Modadugu if (n > SSL3_RT_DEFAULT_PACKET_SIZE - 2) 454656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 455656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_LARGE); 456656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 457656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 458656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 459656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project j=ssl23_read_bytes(s,n+2); 460656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (j <= 0) return(j); 461656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 462656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ssl3_finish_mac(s, s->packet+2, s->packet_length-2); 463656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->msg_callback) 464656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->msg_callback(0, SSL2_VERSION, 0, s->packet+2, s->packet_length-2, s, s->msg_callback_arg); /* CLIENT-HELLO */ 465656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 466656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project p=s->packet; 467656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project p+=5; 468656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project n2s(p,csl); 469656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project n2s(p,sil); 470656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project n2s(p,cl); 471656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project d=(unsigned 
char *)s->init_buf->data; 472221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if ((csl+sil+cl+11) != s->packet_length) /* We can't have TLS extensions in SSL 2.0 format 473221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * Client Hello, can we? Error condition should be 474221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * '>' otherweise */ 475656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 476656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_LENGTH_MISMATCH); 477656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 478656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 479656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 480656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* record header: msg_type ... */ 481656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *(d++) = SSL3_MT_CLIENT_HELLO; 482656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* ... 
and length (actual value will be written later) */ 483656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project d_len = d; 484656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project d += 3; 485656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 486656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* client_version */ 487656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *(d++) = SSL3_VERSION_MAJOR; /* == v[0] */ 488656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *(d++) = v[1]; 489656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 490656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* lets populate the random area */ 491656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* get the challenge_length */ 492656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project i=(cl > SSL3_RANDOM_SIZE)?SSL3_RANDOM_SIZE:cl; 493656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project memset(d,0,SSL3_RANDOM_SIZE); 494656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project memcpy(&(d[SSL3_RANDOM_SIZE-i]),&(p[csl+sil]),i); 495656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project d+=SSL3_RANDOM_SIZE; 496656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 497656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* no session-id reuse */ 498656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *(d++)=0; 499656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 500656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* ciphers */ 501656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project j=0; 502656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project dd=d; 503656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 
d+=2; 504656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project for (i=0; i<csl; i+=3) 505656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 506656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (p[i] != 0) continue; 507656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *(d++)=p[i+1]; 508656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *(d++)=p[i+2]; 509656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project j+=2; 510656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 511656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s2n(j,dd); 512656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 513656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* COMPRESSION */ 514656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *(d++)=1; 515656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *(d++)=0; 516656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 517221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#if 0 518221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom /* copy any remaining data with may be extensions */ 519221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom p = p+csl+sil+cl; 520221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom while (p < s->packet+s->packet_length) 521221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 522221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom *(d++)=*(p++); 523221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 524221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#endif 525221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 526656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project i = (d-(unsigned char *)s->init_buf->data) - 4; 527656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 
l2n3((long)i, d_len); 528656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 529656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* get the data reused from the init_buf */ 530656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->s3->tmp.reuse_message=1; 531656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->s3->tmp.message_type=SSL3_MT_CLIENT_HELLO; 532656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->s3->tmp.message_size=i; 533656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 534656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 535656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* imaginary new state (for program structure): */ 536656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* s->state = SSL23_SR_CLNT_HELLO_C */ 537656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 538656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (type == 1) 539656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 540656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifdef OPENSSL_NO_SSL2 541656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL); 542656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 543656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#else 544656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* we are talking sslv2 */ 545656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* we need to clean up the SSLv3/TLSv1 setup and put in the 546656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * sslv2 stuff. 
*/ 547656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 548656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->s2 == NULL) 549656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 550656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!ssl2_new(s)) 551656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 552656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 553656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 554656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ssl2_clear(s); 555656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 556656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->s3 != NULL) ssl3_free(s); 557656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 558656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BUF_MEM_grow_clean(s->init_buf, 559656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)) 560656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 561656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 562656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 563656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 564656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->state=SSL2_ST_GET_CLIENT_HELLO_A; 565656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3) 566656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->s2->ssl2_rollback=0; 567656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 568656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* reject SSL 2.0 
session if client supports SSL 3.0 or TLS 1.0 569656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * (SSL 3.0 draft/RFC 2246, App. E.2) */ 570656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->s2->ssl2_rollback=1; 571656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 572656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* setup the n bytes we have read so we get them from 573656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * the sslv2 buffer */ 574656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->rstate=SSL_ST_READ_HEADER; 575656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->packet_length=n; 576656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->packet= &(s->s2->rbuf[0]); 577656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project memcpy(s->packet,buf,n); 578656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->s2->rbuf_left=n; 579656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->s2->rbuf_offs=0; 580656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 581656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->method=SSLv2_server_method(); 582656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->handshake_func=s->method->ssl_accept; 583656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 584656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 585656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 586656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((type == 2) || (type == 3)) 587656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 588656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: 
SSL3/TLS style) */ 589656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 590656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!ssl_init_wbio_buffer(s,1)) goto err; 591656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 592656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* we are in this state */ 593656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->state=SSL3_ST_SR_CLNT_HELLO_A; 594656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 595656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (type == 3) 596656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 597656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* put the 'n' bytes we have read into the input buffer 598656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * for SSLv3 */ 599656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->rstate=SSL_ST_READ_HEADER; 600656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->packet_length=n; 601221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (s->s3->rbuf.buf == NULL) 602221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (!ssl3_setup_read_buffer(s)) 603221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom goto err; 604221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 605656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->packet= &(s->s3->rbuf.buf[0]); 606656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project memcpy(s->packet,buf,n); 607656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->s3->rbuf.left=n; 608656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->s3->rbuf.offset=0; 609656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 610656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android 
Open Source Project else 611656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 612656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->packet_length=0; 613656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->s3->rbuf.left=0; 614656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->s3->rbuf.offset=0; 615656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 616392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (s->version == TLS1_2_VERSION) 617392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->method = TLSv1_2_server_method(); 618392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom else if (s->version == TLS1_1_VERSION) 619392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->method = TLSv1_1_server_method(); 620392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom else if (s->version == TLS1_VERSION) 621656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->method = TLSv1_server_method(); 622656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 623656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->method = SSLv3_server_method(); 624656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#if 0 /* ssl3_get_client_hello does this */ 625656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->client_version=(v[0]<<8)|v[1]; 626656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 627656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->handshake_func=s->method->ssl_accept; 628656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 629656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 630656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((type < 1) || (type > 3)) 631656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source 
Project { 632656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* bad, very bad */ 633656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNKNOWN_PROTOCOL); 634656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 635656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 636656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->init_num=0; 637656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 638656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (buf != buf_space) OPENSSL_free(buf); 639656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(SSL_accept(s)); 640656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projecterr: 641656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (buf != buf_space) OPENSSL_free(buf); 642656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(-1); 643656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 644
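/* Added example, not part of the OpenSSL/AOSP source: a stand-alone version of
 * the SSLv2-format ClientHello conversion done in the SSL23_ST_SR_CLNT_HELLO_B
 * branch above, with every read and write bounds-checked. The ex_ and EX_
 * names, error codes and sample record are constructed for illustration;
 * rejecting an empty or non-multiple-of-3 cipher list is extra strictness
 * taken from RFC 5246 Appendix E.2, not from this file. */

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* All ex_ / EX_ names are this example's own, not OpenSSL identifiers. */
#define EX_MT_CLIENT_HELLO 1   /* CLIENT-HELLO type in both SSLv2 and SSLv3/TLS */
#define EX_V3_MAJOR        3
#define EX_RANDOM_SIZE     32
#define EX_V2_HDR          11  /* 2 length + 1 type + 2 version + 3 x 2 length fields */

enum ex_err {
    EX_TRUNCATED    = -1,  /* fewer bytes available than the header claims */
    EX_NOT_V2HELLO  = -2,  /* not a 2-byte-header CLIENT-HELLO with major version 3 */
    EX_LEN_MISMATCH = -3,  /* csl + sil + cl + 11 != record length */
    EX_BAD_CIPHERS  = -4,  /* cipher list empty or not a multiple of 3 bytes */
    EX_OUT_SMALL    = -5   /* caller's output buffer cannot hold the result */
};

static size_t ex_rd16(const uint8_t *p) { return ((size_t)p[0] << 8) | p[1]; }

/* Rewrites an SSLv2-format CLIENT-HELLO as an SSLv3/TLS ClientHello handshake
 * message in out. Returns the number of bytes written or a negative ex_err. */
int ex_v2hello_to_v3(const uint8_t *rec, size_t rec_len,
                     uint8_t *out, size_t out_cap)
{
    size_t n, csl, sil, cl, i, k = 0, need, body, copy;
    const uint8_t *specs, *challenge;
    uint8_t *d = out;

    if (rec_len < EX_V2_HDR) return EX_TRUNCATED;
    if (!(rec[0] & 0x80) || rec[2] != EX_MT_CLIENT_HELLO || rec[3] != EX_V3_MAJOR)
        return EX_NOT_V2HELLO;

    n = ((size_t)(rec[0] & 0x7f) << 8) | rec[1];   /* bytes after the 2-byte header */
    if (rec_len < n + 2) return EX_TRUNCATED;

    csl = ex_rd16(rec + 5);   /* cipher_spec_length */
    sil = ex_rd16(rec + 7);   /* session_id_length  */
    cl  = ex_rd16(rec + 9);   /* challenge_length   */
    /* Same consistency check as the page's code: nothing may trail the challenge. */
    if (csl + sil + cl + EX_V2_HDR != n + 2) return EX_LEN_MISMATCH;
    if (csl == 0 || csl % 3 != 0) return EX_BAD_CIPHERS;   /* added strictness */

    specs = rec + EX_V2_HDR;
    challenge = specs + csl + sil;

    /* Only 3-byte specs whose first byte is 0 map to 2-byte SSLv3/TLS suites. */
    for (i = 0; i < csl; i += 3)
        if (specs[i] == 0) k++;

    need = 4 + 2 + EX_RANDOM_SIZE + 1 + 2 + 2 * k + 2;
    if (out_cap < need) return EX_OUT_SMALL;
    body = need - 4;

    *d++ = EX_MT_CLIENT_HELLO;                      /* handshake type */
    *d++ = (uint8_t)(body >> 16);                   /* 24-bit body length */
    *d++ = (uint8_t)(body >> 8);
    *d++ = (uint8_t)body;
    *d++ = EX_V3_MAJOR;                             /* client_version */
    *d++ = rec[4];

    /* Right-align at most 32 challenge bytes in a zeroed random field. */
    copy = cl > EX_RANDOM_SIZE ? EX_RANDOM_SIZE : cl;
    memset(d, 0, EX_RANDOM_SIZE);
    memcpy(d + EX_RANDOM_SIZE - copy, challenge, copy);
    d += EX_RANDOM_SIZE;

    *d++ = 0;                                       /* empty session id */
    *d++ = (uint8_t)((2 * k) >> 8);                 /* cipher_suites length */
    *d++ = (uint8_t)(2 * k);
    for (i = 0; i < csl; i += 3) {
        if (specs[i] != 0) continue;
        *d++ = specs[i + 1];
        *d++ = specs[i + 2];
    }
    *d++ = 1;                                       /* one compression method: */
    *d++ = 0;                                       /* null */
    return (int)need;
}

/* Constructed sample: TLS 1.0 offered inside an SSLv2-format CLIENT-HELLO. */
static const uint8_t ex_sample[36] = {
    0x80, 0x22,                 /* 2-byte header, n = 34 */
    0x01,                       /* CLIENT-HELLO */
    0x03, 0x01,                 /* version 3.1 */
    0x00, 0x09,                 /* cipher_spec_length = 9 */
    0x00, 0x00,                 /* session_id_length = 0 */
    0x00, 0x10,                 /* challenge_length = 16 */
    0x00, 0x00, 0x2f,           /* SSLv3/TLS suite 0x002f, kept */
    0x07, 0x00, 0xc0,           /* SSLv2-only spec, dropped */
    0x00, 0x00, 0x35,           /* SSLv3/TLS suite 0x0035, kept */
    0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
    0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf
};

int main(void)
{
    uint8_t out[64];
    return ex_v2hello_to_v3(ex_sample, sizeof ex_sample, out, sizeof out) == 47 ? 0 : 1;
}
```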