195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * All rights reserved. 395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * This package is an SSL implementation written 595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * by Eric Young (eay@cryptsoft.com). 695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * The implementation was written so as to conform with Netscapes SSL. 795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * This library is free for commercial and non-commercial use as long as 995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * the following conditions are aheared to. The following conditions 1095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * apply to all code found in this distribution, be it the RC4, RSA, 1195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * lhash, DES, etc., code; not just the SSL code. The SSL documentation 1295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * included with this distribution is covered by the same copyright terms 1395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * except that the holder is Tim Hudson (tjh@cryptsoft.com). 1495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 1595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * Copyright remains Eric Young's, and as such any Copyright notices in 1695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * the code are not to be removed. 1795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * If this package is used in a product, Eric Young should be given attribution 1895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * as the author of the parts of the library used. 1995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * This can be in the form of a textual message at program startup or 2095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * in documentation (online or textual) provided with the package. 2195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 2295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * Redistribution and use in source and binary forms, with or without 2395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * modification, are permitted provided that the following conditions 2495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * are met: 2595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 1. Redistributions of source code must retain the copyright 2695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * notice, this list of conditions and the following disclaimer. 2795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 2. Redistributions in binary form must reproduce the above copyright 2895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * notice, this list of conditions and the following disclaimer in the 2995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * documentation and/or other materials provided with the distribution. 3095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 3. All advertising materials mentioning features or use of this software 3195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * must display the following acknowledgement: 3295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * "This product includes cryptographic software written by 3395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * Eric Young (eay@cryptsoft.com)" 3495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * The word 'cryptographic' can be left out if the rouines from the library 3595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * being used are not cryptographic related :-). 3695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 4. If you include any Windows specific code (or a derivative thereof) from 3795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * the apps directory (application code) you must include an acknowledgement: 3895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 3995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 4095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 4195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 4295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 4395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 4495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 4595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 4695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 4795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 4895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 4995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 5095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * SUCH DAMAGE. 5195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 5295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * The licence and distribution terms for any publically available version or 5395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * derivative of this code cannot be changed. i.e. this code cannot simply be 5495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * copied and put under another distribution licence 5595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * [including the GNU Public Licence.] 5695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley */ 5795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley/* ==================================================================== 5895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. 5995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 6095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * Redistribution and use in source and binary forms, with or without 6195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * modification, are permitted provided that the following conditions 6295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * are met: 6395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 6495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 1. Redistributions of source code must retain the above copyright 6595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * notice, this list of conditions and the following disclaimer. 6695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 6795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 2. Redistributions in binary form must reproduce the above copyright 6895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * notice, this list of conditions and the following disclaimer in 6995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * the documentation and/or other materials provided with the 7095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * distribution. 7195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 7295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 3. All advertising materials mentioning features or use of this 7395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * software must display the following acknowledgment: 7495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * "This product includes software developed by the OpenSSL Project 7595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 7695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 7795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 7895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * endorse or promote products derived from this software without 7995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * prior written permission. For written permission, please contact 8095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * openssl-core@openssl.org. 8195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 8295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 5. Products derived from this software may not be called "OpenSSL" 8395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * nor may "OpenSSL" appear in their names without prior written 8495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * permission of the OpenSSL Project. 8595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 8695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 6. Redistributions of any form whatsoever must retain the following 8795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * acknowledgment: 8895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * "This product includes software developed by the OpenSSL Project 8995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 9095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 9195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 9295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 9395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 9495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 9595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 9695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 9795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 9895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 9995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 10095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 10195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 10295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * OF THE POSSIBILITY OF SUCH DAMAGE. 10395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * ==================================================================== 10495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * 10595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * This product includes cryptographic software written by Eric Young 10695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * (eay@cryptsoft.com). This product includes software written by Tim 10795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * Hudson (tjh@cryptsoft.com). */ 10895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 10995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley#include <stdio.h> 11095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 11195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley#include <openssl/buf.h> 11295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley#include <openssl/err.h> 11395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley#include <openssl/evp.h> 11495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley#include <openssl/obj.h> 11595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley#include <openssl/rand.h> 11695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 11795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley#include "ssl_locl.h" 11895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 11995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langleystatic const SSL_METHOD *ssl23_get_client_method(int ver); 12095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langleystatic int ssl23_client_hello(SSL *s); 12195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langleystatic int ssl23_get_server_hello(SSL *s); 12295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langleystatic const SSL_METHOD *ssl23_get_client_method(int ver) 12395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 12430ddb434bfb845356fbacb6b2bd51f8814c7043cDavid Benjamin /* When SSL_set_session is called, do NOT switch to the version-specific 12530ddb434bfb845356fbacb6b2bd51f8814c7043cDavid Benjamin * method table. The server may still negotiate a different version when 12630ddb434bfb845356fbacb6b2bd51f8814c7043cDavid Benjamin * rejecting the session. 12730ddb434bfb845356fbacb6b2bd51f8814c7043cDavid Benjamin * 12830ddb434bfb845356fbacb6b2bd51f8814c7043cDavid Benjamin * TODO(davidben): Clean this up. This duplicates logic from the 12930ddb434bfb845356fbacb6b2bd51f8814c7043cDavid Benjamin * version-specific tables. https://crbug.com/403378 */ 13030ddb434bfb845356fbacb6b2bd51f8814c7043cDavid Benjamin return SSLv23_client_method(); 13195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 13295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 13395c29f3cd1f6c08c6c0927868683392eea727ccAdam LangleyIMPLEMENT_ssl23_meth_func(SSLv23_client_method, 13495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ssl_undefined_function, 13595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ssl23_connect, 13695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ssl23_get_client_method) 13795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 13895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langleyint ssl23_connect(SSL *s) 13995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 14095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley BUF_MEM *buf=NULL; 14195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley void (*cb)(const SSL *ssl,int type,int val)=NULL; 14295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley int ret= -1; 14395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley int new_state,state; 14495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 14595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ERR_clear_error(); 14695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ERR_clear_system_error(); 14795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 14895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (s->info_callback != NULL) 14995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley cb=s->info_callback; 15095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley else if (s->ctx->info_callback != NULL) 15195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley cb=s->ctx->info_callback; 15295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 15395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->in_handshake++; 15495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 15595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 15695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley for (;;) 15795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 15895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley state=s->state; 15995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 16095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley switch(s->state) 16195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 16295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley case SSL_ST_BEFORE: 16395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley case SSL_ST_CONNECT: 16495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley case SSL_ST_BEFORE|SSL_ST_CONNECT: 16595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley case SSL_ST_OK|SSL_ST_CONNECT: 16695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 16795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->server=0; 16895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); 16995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 17095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley /* s->version=TLS1_VERSION; */ 17195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->type=SSL_ST_CONNECT; 17295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 17395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (s->init_buf == NULL) 17495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 17595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if ((buf=BUF_MEM_new()) == NULL) 17695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 17795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ret= -1; 17895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley goto end; 17995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 18095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH)) 18195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 18295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ret= -1; 18395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley goto end; 18495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 18595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->init_buf=buf; 18695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley buf=NULL; 18795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 18895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 18995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (!ssl3_setup_buffers(s)) { ret= -1; goto end; } 19095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 19195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ssl3_init_finished_mac(s); 19295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 19395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->state=SSL23_ST_CW_CLNT_HELLO_A; 19495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->ctx->stats.sess_connect++; 19595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->init_num=0; 19695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley break; 19795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 19895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley case SSL23_ST_CW_CLNT_HELLO_A: 19995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley case SSL23_ST_CW_CLNT_HELLO_B: 20095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 20195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->shutdown=0; 20295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ret=ssl23_client_hello(s); 20395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (ret <= 0) goto end; 20495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->state=SSL23_ST_CR_SRVR_HELLO_A; 20595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->init_num=0; 20695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 20795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley break; 20895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 20995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley case SSL23_ST_CR_SRVR_HELLO_A: 21095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley case SSL23_ST_CR_SRVR_HELLO_B: 21195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ret=ssl23_get_server_hello(s); 21295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (ret >= 0) cb=NULL; 21395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley goto end; 21495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley /* break; */ 21595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 21695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley default: 21795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley OPENSSL_PUT_ERROR(SSL, ssl23_connect, SSL_R_UNKNOWN_STATE); 21895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ret= -1; 21995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley goto end; 22095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley /* break; */ 22195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 22295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 22395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (s->debug) { (void)BIO_flush(s->wbio); } 22495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 22595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if ((cb != NULL) && (s->state != state)) 22695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 22795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley new_state=s->state; 22895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->state=state; 22995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley cb(s,SSL_CB_CONNECT_LOOP,1); 23095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->state=new_state; 23195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 23295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 23395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langleyend: 23495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->in_handshake--; 23595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (buf != NULL) 23695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley BUF_MEM_free(buf); 23795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (cb != NULL) 23895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley cb(s,SSL_CB_CONNECT_EXIT,ret); 23995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return(ret); 24095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 24195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 24295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley/* Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 24395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * on failure, 1 on success. */ 24495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langleyint ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len) 24595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 24695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley int send_time = 0; 24795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (len < 4) 24895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return 0; 24995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (server) 25095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0; 25195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley else 25295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0; 25395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (send_time) 25495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 25595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley unsigned long Time = (unsigned long)time(NULL); 25695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley unsigned char *p = result; 25795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley l2n(Time, p); 25895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return RAND_pseudo_bytes(p, len-4); 25995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 26095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley else 26195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return RAND_pseudo_bytes(result, len); 26295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 26395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 26495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langleystatic int ssl23_client_hello(SSL *s) 26595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 26695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley unsigned char *buf; 26795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley unsigned char *p,*d; 2680eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin int i; 26995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley unsigned long l; 27095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley int version = 0, version_major, version_minor; 27195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley int ret; 27295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley unsigned long mask, options = s->options; 27395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 27495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley /* 27595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * SSL_OP_NO_X disables all protocols above X *if* there are 27695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * some protocols below X enabled. This is required in order 27795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * to maintain "version capability" vector contiguous. So 27895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * that if application wants to disable TLS1.0 in favour of 27995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * TLS1>=1, it would be insufficient to pass SSL_NO_TLSv1, the 28095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * answer is SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2. 28195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley */ 2827f520dbd8d4e0006f6c8279c681ee149c961c104David Benjamin mask = SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3; 28395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley version = TLS1_2_VERSION; 28495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if ((options & SSL_OP_NO_TLSv1_2) && (options & mask) != mask) 28595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley version = TLS1_1_VERSION; 28695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley mask &= ~SSL_OP_NO_TLSv1_1; 28795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if ((options & SSL_OP_NO_TLSv1_1) && (options & mask) != mask) 28895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley version = TLS1_VERSION; 28995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley mask &= ~SSL_OP_NO_TLSv1; 29095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if ((options & SSL_OP_NO_TLSv1) && (options & mask) != mask) 29195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley version = SSL3_VERSION; 29295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley mask &= ~SSL_OP_NO_SSLv3; 29395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 29495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley buf=(unsigned char *)s->init_buf->data; 29595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (s->state == SSL23_ST_CW_CLNT_HELLO_A) 29695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 29730ddb434bfb845356fbacb6b2bd51f8814c7043cDavid Benjamin /* Check if the session is resumable. If not, drop it. */ 29830ddb434bfb845356fbacb6b2bd51f8814c7043cDavid Benjamin if (s->session != NULL) 29995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 30030ddb434bfb845356fbacb6b2bd51f8814c7043cDavid Benjamin if (s->session->ssl_version > version || 30130ddb434bfb845356fbacb6b2bd51f8814c7043cDavid Benjamin s->session->session_id_length == 0 || 30230ddb434bfb845356fbacb6b2bd51f8814c7043cDavid Benjamin s->session->not_resumable) 30330ddb434bfb845356fbacb6b2bd51f8814c7043cDavid Benjamin { 30430ddb434bfb845356fbacb6b2bd51f8814c7043cDavid Benjamin SSL_SESSION_free(s->session); 30530ddb434bfb845356fbacb6b2bd51f8814c7043cDavid Benjamin s->session = NULL; 30630ddb434bfb845356fbacb6b2bd51f8814c7043cDavid Benjamin } 30795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 30895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 30995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley p=s->s3->client_random; 31095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0) 31195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return -1; 31295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 31395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (version == TLS1_2_VERSION) 31495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 31595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley version_major = TLS1_2_VERSION_MAJOR; 31695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley version_minor = TLS1_2_VERSION_MINOR; 31795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 31895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley else if (version == TLS1_1_VERSION) 31995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 32095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley version_major = TLS1_1_VERSION_MAJOR; 32195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley version_minor = TLS1_1_VERSION_MINOR; 32295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 32395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley else if (version == TLS1_VERSION) 32495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 32595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley version_major = TLS1_VERSION_MAJOR; 32695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley version_minor = TLS1_VERSION_MINOR; 32795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 32895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley else if (version == SSL3_VERSION) 32995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 33095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley version_major = SSL3_VERSION_MAJOR; 33195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley version_minor = SSL3_VERSION_MINOR; 33295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 33395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley else if (version == SSL2_VERSION) 33495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 33595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley version_major = SSL2_VERSION_MAJOR; 33695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley version_minor = SSL2_VERSION_MINOR; 33795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 33895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley else 33995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 34095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley OPENSSL_PUT_ERROR(SSL, ssl23_client_hello, SSL_R_NO_PROTOCOLS_AVAILABLE); 34195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return(-1); 34295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 34395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 34495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->client_version = version; 34595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 3460eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin /* create Client Hello in SSL 3.0/TLS 1.0 format */ 34795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 3480eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin /* do the record header (5 bytes) and handshake message 3490eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin * header (4 bytes) last. Note: the final argument to 3500eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin * ssl_add_clienthello_tlsext below depends on the size 3510eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin * of this prefix. */ 3520eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin d = p = &(buf[9]); 35395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 3540eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin *(p++) = version_major; 3550eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin *(p++) = version_minor; 35695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 3570eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin /* Random stuff */ 3580eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE); 3590eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin p += SSL3_RANDOM_SIZE; 36095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 36130ddb434bfb845356fbacb6b2bd51f8814c7043cDavid Benjamin /* Session ID */ 36230ddb434bfb845356fbacb6b2bd51f8814c7043cDavid Benjamin if (s->new_session || s->session == NULL) 36330ddb434bfb845356fbacb6b2bd51f8814c7043cDavid Benjamin i=0; 36430ddb434bfb845356fbacb6b2bd51f8814c7043cDavid Benjamin else 36530ddb434bfb845356fbacb6b2bd51f8814c7043cDavid Benjamin i=s->session->session_id_length; 36630ddb434bfb845356fbacb6b2bd51f8814c7043cDavid Benjamin *(p++)=i; 36730ddb434bfb845356fbacb6b2bd51f8814c7043cDavid Benjamin if (i != 0) 36830ddb434bfb845356fbacb6b2bd51f8814c7043cDavid Benjamin { 36930ddb434bfb845356fbacb6b2bd51f8814c7043cDavid Benjamin if (i > (int)sizeof(s->session->session_id)) 37030ddb434bfb845356fbacb6b2bd51f8814c7043cDavid Benjamin { 37130ddb434bfb845356fbacb6b2bd51f8814c7043cDavid Benjamin OPENSSL_PUT_ERROR(SSL, ssl23_client_hello, ERR_R_INTERNAL_ERROR); 37230ddb434bfb845356fbacb6b2bd51f8814c7043cDavid Benjamin return -1; 37330ddb434bfb845356fbacb6b2bd51f8814c7043cDavid Benjamin } 37430ddb434bfb845356fbacb6b2bd51f8814c7043cDavid Benjamin memcpy(p,s->session->session_id,i); 37530ddb434bfb845356fbacb6b2bd51f8814c7043cDavid Benjamin p+=i; 37630ddb434bfb845356fbacb6b2bd51f8814c7043cDavid Benjamin } 37795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 3780eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin /* Ciphers supported (using SSL 3.0/TLS 1.0 format) */ 37939482a13aca033b72118807fadd152207e0fad8aDavid Benjamin i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &p[2]); 3800eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin if (i == 0) 3810eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin { 3820eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin OPENSSL_PUT_ERROR(SSL, ssl23_client_hello, SSL_R_NO_CIPHERS_AVAILABLE); 3830eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin return -1; 3840eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin } 3850eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin s2n(i,p); 3860eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin p+=i; 38795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 3880eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin /* COMPRESSION */ 3890eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin *(p++)=1; 3900eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin *(p++)=0; /* Add the NULL method */ 39195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 3920eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin /* TLS extensions*/ 3930eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin if (ssl_prepare_clienthello_tlsext(s) <= 0) 3940eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin { 3950eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin OPENSSL_PUT_ERROR(SSL, ssl23_client_hello, SSL_R_CLIENTHELLO_TLSEXT); 3960eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin return -1; 3970eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin } 398b0c235ed366d10674542db784668fe3e13f23709Adam Langley 3990eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin /* The buffer includes the 5 byte record header, so 4000eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin * subtract it to compute hlen for 4010eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin * ssl_add_clienthello_tlsext. */ 4020eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH, p-buf-5)) == NULL) 4030eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin { 4040eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin OPENSSL_PUT_ERROR(SSL, ssl23_client_hello, ERR_R_INTERNAL_ERROR); 4050eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin return -1; 4060eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin } 40795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 4080eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin l = p-d; 40995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 4100eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin /* fill in 4-byte handshake header */ 4110eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin d=&(buf[5]); 4120eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin *(d++)=SSL3_MT_CLIENT_HELLO; 4130eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin l2n3(l,d); 41495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 4150eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin l += 4; 41695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 4170eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin if (l > SSL3_RT_MAX_PLAIN_LENGTH) 4180eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin { 4190eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin OPENSSL_PUT_ERROR(SSL, ssl23_client_hello, ERR_R_INTERNAL_ERROR); 4200eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin return -1; 42195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 42295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 4230eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin /* fill in 5-byte record header */ 4240eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin d=buf; 4250eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin *(d++) = SSL3_RT_HANDSHAKE; 4260eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin *(d++) = version_major; 4270eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin /* Some servers hang if we use long client hellos 4280eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin * and a record number > TLS 1.0. 4290eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin */ 4300eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin if (TLS1_get_client_version(s) > TLS1_VERSION) 4310eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin *(d++) = 1; 4320eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin else 4330eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin *(d++) = version_minor; 4340eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin s2n((int)l,d); 4350eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin 4360eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin /* number of bytes to write */ 4370eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin s->init_num=p-buf; 4380eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin s->init_off=0; 4390eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin 4400eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin ssl3_finish_mac(s,&(buf[5]), s->init_num - 5); 4410eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin 44295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->state=SSL23_ST_CW_CLNT_HELLO_B; 44395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->init_off=0; 44495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 44595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 44695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley /* SSL3_ST_CW_CLNT_HELLO_B */ 44795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ret = ssl23_write_bytes(s); 44895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 44995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if ((ret >= 2) && s->msg_callback) 45095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 45195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley /* Client Hello has been sent; tell msg_callback */ 45295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 4530eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin s->msg_callback(1, version, SSL3_RT_HEADER, s->init_buf->data, 5, s, s->msg_callback_arg); 4540eb17906ab03bd3f8d2e83bc08abf94caf0ff489David Benjamin s->msg_callback(1, version, SSL3_RT_HANDSHAKE, s->init_buf->data+5, ret-5, s, s->msg_callback_arg); 45595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 45695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 45795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return ret; 45895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 45995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 46095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langleystatic int ssl23_get_server_hello(SSL *s) 46195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 46295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley char buf[8]; 46395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley unsigned char *p; 46495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley int i; 46595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley int n; 46695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 46795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley n=ssl23_read_bytes(s,7); 46895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 46995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (n != 7) return(n); 47095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley p=s->packet; 47195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 47295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley memcpy(buf,p,n); 47395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 47495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if ((p[0] & 0x80) && (p[2] == SSL2_MT_SERVER_HELLO) && 47595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley (p[5] == 0x00) && (p[6] == 0x02)) 47695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 47795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley OPENSSL_PUT_ERROR(SSL, ssl23_get_server_hello, SSL_R_UNSUPPORTED_PROTOCOL); 47895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley goto err; 47995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 48095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley else if (p[1] == SSL3_VERSION_MAJOR && 48195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley p[2] <= TLS1_2_VERSION_MINOR && 48295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley ((p[0] == SSL3_RT_HANDSHAKE && p[5] == SSL3_MT_SERVER_HELLO) || 48395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley (p[0] == SSL3_RT_ALERT && p[3] == 0 && p[4] == 2))) 48495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 48595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley /* we have sslv3 or tls1 (server hello or alert) */ 48695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 48795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if ((p[2] == SSL3_VERSION_MINOR) && 48895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley !(s->options & SSL_OP_NO_SSLv3)) 48995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 49095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->version=SSL3_VERSION; 49195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->method=SSLv3_client_method(); 49295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 49395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley else if ((p[2] == TLS1_VERSION_MINOR) && 49495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley !(s->options & SSL_OP_NO_TLSv1)) 49595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 49695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->version=TLS1_VERSION; 49795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->method=TLSv1_client_method(); 49895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 49995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley else if ((p[2] == TLS1_1_VERSION_MINOR) && 50095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley !(s->options & SSL_OP_NO_TLSv1_1)) 50195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 50295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->version=TLS1_1_VERSION; 50395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->method=TLSv1_1_client_method(); 50495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 50595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley else if ((p[2] == TLS1_2_VERSION_MINOR) && 50695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley !(s->options & SSL_OP_NO_TLSv1_2)) 50795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 50895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->version=TLS1_2_VERSION; 50995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->method=TLSv1_2_client_method(); 51095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 51195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley else 51295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 51395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley OPENSSL_PUT_ERROR(SSL, ssl23_get_server_hello, SSL_R_UNSUPPORTED_PROTOCOL); 51495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley goto err; 51595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 51695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 51795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (p[0] == SSL3_RT_ALERT && p[5] != SSL3_AL_WARNING) 51895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 51995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley /* fatal alert */ 52095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 52195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley void (*cb)(const SSL *ssl,int type,int val)=NULL; 52295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley int j; 52395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 52495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (s->info_callback != NULL) 52595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley cb=s->info_callback; 52695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley else if (s->ctx->info_callback != NULL) 52795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley cb=s->ctx->info_callback; 52895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 52995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley i=p[5]; 53095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (cb != NULL) 53195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 53295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley j=(i<<8)|p[6]; 53395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley cb(s,SSL_CB_READ_ALERT,j); 53495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 53595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 53695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (s->msg_callback) 53795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 53895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->msg_callback(0, s->version, SSL3_RT_HEADER, p, 5, s, s->msg_callback_arg); 53995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->msg_callback(0, s->version, SSL3_RT_ALERT, p+5, 2, s, s->msg_callback_arg); 54095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 54195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 54295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->rwstate=SSL_NOTHING; 54395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley OPENSSL_PUT_ERROR(SSL, ssl23_get_server_hello, SSL_AD_REASON_OFFSET + p[6]); 54495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley goto err; 54595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 54695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 54795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (!ssl_init_wbio_buffer(s,1)) goto err; 54895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 54995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley /* we are in this state */ 55095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->state=SSL3_ST_CR_SRVR_HELLO_A; 55195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 55295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley /* put the 7 bytes we have read into the input buffer 55395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley * for SSLv3 */ 55495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->rstate=SSL_ST_READ_HEADER; 55595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->packet_length=n; 55695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (s->s3->rbuf.buf == NULL) 55795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley if (!ssl3_setup_read_buffer(s)) 55895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley goto err; 55995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->packet= &(s->s3->rbuf.buf[0]); 56095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley memcpy(s->packet,buf,n); 56195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->s3->rbuf.left=n; 56295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->s3->rbuf.offset=0; 56395c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 56495c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->handshake_func=s->method->ssl_connect; 56595c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 56695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley else 56795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley { 56895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley OPENSSL_PUT_ERROR(SSL, ssl23_get_server_hello, SSL_R_UNKNOWN_PROTOCOL); 56995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley goto err; 57095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 57195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley s->init_num=0; 57295c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 57330ddb434bfb845356fbacb6b2bd51f8814c7043cDavid Benjamin /* If there was no session to resume, now that the final version is 57430ddb434bfb845356fbacb6b2bd51f8814c7043cDavid Benjamin * determined, insert a fresh one. */ 57530ddb434bfb845356fbacb6b2bd51f8814c7043cDavid Benjamin if (s->session == NULL && !ssl_get_new_session(s,0)) 57695c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley goto err; 57795c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley 57895c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return(SSL_connect(s)); 57995c29f3cd1f6c08c6c0927868683392eea727ccAdam Langleyerr: 58095c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley return(-1); 58195c29f3cd1f6c08c6c0927868683392eea727ccAdam Langley } 582