/* ssl/s23_clnt.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to. The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed. i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
/* ====================================================================
 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    openssl-core@openssl.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com). This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */

#include <stdio.h>
#include "ssl_locl.h"
#include <openssl/buffer.h>
#include <openssl/rand.h>
#include <openssl/objects.h>
#include <openssl/evp.h>

static const SSL_METHOD *ssl23_get_client_method(int ver);
static int ssl23_client_hello(SSL *s);
static int ssl23_get_server_hello(SSL *s);

/*
 * Map a protocol version number to the matching fixed-version client method.
 *
 * ver: one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, TLS1_1_VERSION or
 *      TLS1_2_VERSION.
 *
 * Returns the method for that version, or NULL when the version is unknown
 * or was compiled out.
 *
 * The SSLv2 and SSLv3 entries are present unless the build defines
 * OPENSSL_NO_SSL2 / OPENSSL_NO_SSL3. Both protocols are obsolete (RFC 6176,
 * RFC 7568); this lookup applies no runtime policy of its own, so excluding
 * them here is a build-time decision.
 */
static const SSL_METHOD *ssl23_get_client_method(int ver)
{
    switch (ver) {
#ifndef OPENSSL_NO_SSL2
    case SSL2_VERSION:
        return SSLv2_client_method();
#endif
#ifndef OPENSSL_NO_SSL3
    case SSL3_VERSION:
        return SSLv3_client_method();
#endif
    case TLS1_VERSION:
        return TLSv1_client_method();
    case TLS1_1_VERSION:
        return TLSv1_1_client_method();
    case TLS1_2_VERSION:
        return TLSv1_2_client_method();
    default:
        return NULL;
    }
}

IMPLEMENT_ssl23_meth_func(SSLv23_client_method,
                          ssl_undefined_function,
                          ssl23_connect,
                          ssl23_get_client_method)
/*
 * Client side of the version-flexible handshake entry point.
 *
 * A small state machine: the initial states set up the handshake buffers,
 * the CW_CLNT_HELLO states send the ClientHello via ssl23_client_hello(),
 * and the CR_SRVR_HELLO states hand over to ssl23_get_server_hello(), whose
 * result is returned.
 *
 * Returns the value of the last step executed; -1 on the error paths
 * handled in this function (session already attached, buffer allocation
 * failure, unknown state).
 */
int ssl23_connect(SSL *s)
{
    BUF_MEM *hs_buf = NULL;
    unsigned long now = (unsigned long)time(NULL);
    void (*info_cb)(const SSL *ssl, int type, int val) = NULL;
    int ret = -1;
    int entered_state, next_state;

    /* Entropy estimate of 0: the timestamp is mixed in but not credited. */
    RAND_add(&now, sizeof(now), 0);
    ERR_clear_error();
    clear_sys_error();

    /* The per-connection callback takes precedence over the context one. */
    info_cb = (s->info_callback != NULL) ? s->info_callback
                                         : s->ctx->info_callback;

    s->in_handshake++;
    if (!SSL_in_init(s) || SSL_in_before(s))
        SSL_clear(s);

    for (;;) {
        entered_state = s->state;

        switch (s->state) {
        case SSL_ST_BEFORE:
        case SSL_ST_CONNECT:
        case SSL_ST_BEFORE|SSL_ST_CONNECT:
        case SSL_ST_OK|SSL_ST_CONNECT:
            /* This entry point refuses to run with a session attached. */
            if (s->session != NULL) {
                SSLerr(SSL_F_SSL23_CONNECT, SSL_R_SSL23_DOING_SESSION_ID_REUSE);
                ret = -1;
                goto end;
            }
            s->server = 0;
            if (info_cb != NULL)
                info_cb(s, SSL_CB_HANDSHAKE_START, 1);

            /* s->version=TLS1_VERSION; */
            s->type = SSL_ST_CONNECT;

            if (s->init_buf == NULL) {
                hs_buf = BUF_MEM_new();
                if (hs_buf == NULL ||
                    !BUF_MEM_grow(hs_buf, SSL3_RT_MAX_PLAIN_LENGTH)) {
                    /* hs_buf, if allocated, is released at 'end'. */
                    ret = -1;
                    goto end;
                }
                /* Ownership moves to the SSL object. */
                s->init_buf = hs_buf;
                hs_buf = NULL;
            }

            if (!ssl3_setup_buffers(s)) {
                ret = -1;
                goto end;
            }

            ssl3_init_finished_mac(s);

            s->state = SSL23_ST_CW_CLNT_HELLO_A;
            s->ctx->stats.sess_connect++;
            s->init_num = 0;
            break;

        case SSL23_ST_CW_CLNT_HELLO_A:
        case SSL23_ST_CW_CLNT_HELLO_B:
            s->shutdown = 0;
            ret = ssl23_client_hello(s);
            if (ret <= 0)
                goto end;
            s->state = SSL23_ST_CR_SRVR_HELLO_A;
            s->init_num = 0;
            break;

        case SSL23_ST_CR_SRVR_HELLO_A:
        case SSL23_ST_CR_SRVR_HELLO_B:
            ret = ssl23_get_server_hello(s);
            /*
             * On a non-negative result the callback pointer is cleared, so
             * the SSL_CB_CONNECT_EXIT notification at 'end' is skipped.
             */
            if (ret >= 0)
                info_cb = NULL;
            goto end;

        default:
            SSLerr(SSL_F_SSL23_CONNECT, SSL_R_UNKNOWN_STATE);
            ret = -1;
            goto end;
        }

        if (s->debug)
            (void)BIO_flush(s->wbio);

        /*
         * Report a state change: the callback runs with s->state put back
         * to the value it had when this iteration started, then the new
         * state is restored.
         */
        if (info_cb != NULL && s->state != entered_state) {
            next_state = s->state;
            s->state = entered_state;
            info_cb(s, SSL_CB_CONNECT_LOOP, 1);
            s->state = next_state;
        }
    }

end:
    s->in_handshake--;
    if (hs_buf != NULL)
        BUF_MEM_free(hs_buf);
    if (info_cb != NULL)
        info_cb(s, SSL_CB_CONNECT_EXIT, ret);
    return ret;
}

/*
 * Report whether the connection's cipher list is free of SSLv2 ciphers.
 *
 * Returns 0 as soon as a cipher with algorithm_ssl == SSL_SSLV2 is found,
 * 1 when none is found. ssl23_client_hello() uses a return of 1 to switch
 * off the SSLv2-compatible ClientHello.
 */
static int ssl23_no_ssl2_ciphers(SSL *s)
{
    STACK_OF(SSL_CIPHER) *enabled = SSL_get_ciphers(s);
    int idx;

    for (idx = 0; idx < sk_SSL_CIPHER_num(enabled); idx++) {
        if (sk_SSL_CIPHER_value(enabled, idx)->algorithm_ssl == SSL_SSLV2)
            return 0;
    }
    return 1;
}

/*
 * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0
 * on failure, 1 on success.
 *
 * server selects which mode flag is consulted: SSL_MODE_SEND_SERVERHELLO_TIME
 * when non-zero, SSL_MODE_SEND_CLIENTHELLO_TIME otherwise. With the flag set,
 * the first four bytes carry the current time and the remaining len-4 bytes
 * are random; without it all len bytes are random. When len < 4 nothing is
 * written and 0 is returned.
 *
 * The return value is RAND_pseudo_bytes()'s result passed straight through,
 * so 0 (bytes produced but not cryptographically strong) and -1 both count
 * as failure: callers must test for <= 0, as ssl23_client_hello() does.
 * NOTE(review): RAND_bytes() would make the strength requirement explicit;
 * behaviour is left unchanged here.
 */
int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len)
{
    int send_time;
    unsigned long now;
    unsigned char *p;

    if (len < 4)
        return 0;

    send_time = server ? ((s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0)
                       : ((s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0);
    if (!send_time)
        return RAND_pseudo_bytes(result, len);

    now = (unsigned long)time(NULL);
    p = result;
    l2n(now, p); /* stores four bytes and advances p past them */
    return RAND_pseudo_bytes(p, len - 4);
}

static int ssl23_client_hello(SSL *s)
{
    unsigned char *buf;
    unsigned char *p,*d;
30198d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom int i,ch_len; 302ff41a4bc41ae1e1391f9b05117623ff70b985983Kenny Root unsigned long l; 303656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int ssl2_compat; 304656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int version = 0, version_major, version_minor; 30598d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom#ifndef OPENSSL_NO_COMP 30698d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom int j; 307656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSL_COMP *comp; 30898d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom#endif 309656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int ret; 310f42d491ab90c82302b0054c62014c1ee9b638affBrian Carlstrom unsigned long mask, options = s->options; 311656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 312f42d491ab90c82302b0054c62014c1ee9b638affBrian Carlstrom ssl2_compat = (options & SSL_OP_NO_SSLv2) ? 0 : 1; 313656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 314221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (ssl2_compat && ssl23_no_ssl2_ciphers(s)) 315221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom ssl2_compat = 0; 316f42d491ab90c82302b0054c62014c1ee9b638affBrian Carlstrom 317f42d491ab90c82302b0054c62014c1ee9b638affBrian Carlstrom /* 318f42d491ab90c82302b0054c62014c1ee9b638affBrian Carlstrom * SSL_OP_NO_X disables all protocols above X *if* there are 319f42d491ab90c82302b0054c62014c1ee9b638affBrian Carlstrom * some protocols below X enabled. This is required in order 320f42d491ab90c82302b0054c62014c1ee9b638affBrian Carlstrom * to maintain "version capability" vector contiguous. 
So 321f42d491ab90c82302b0054c62014c1ee9b638affBrian Carlstrom * that if application wants to disable TLS1.0 in favour of 322f42d491ab90c82302b0054c62014c1ee9b638affBrian Carlstrom * TLS1>=1, it would be insufficient to pass SSL_NO_TLSv1, the 323f42d491ab90c82302b0054c62014c1ee9b638affBrian Carlstrom * answer is SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2. 324f42d491ab90c82302b0054c62014c1ee9b638affBrian Carlstrom */ 325f42d491ab90c82302b0054c62014c1ee9b638affBrian Carlstrom mask = SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1 326f42d491ab90c82302b0054c62014c1ee9b638affBrian Carlstrom#if !defined(OPENSSL_NO_SSL3) 327f42d491ab90c82302b0054c62014c1ee9b638affBrian Carlstrom |SSL_OP_NO_SSLv3 328a1a5710c055e139ea00e785f9eb55b3af3e4dab1Brian Carlstrom#endif 329f42d491ab90c82302b0054c62014c1ee9b638affBrian Carlstrom#if !defined(OPENSSL_NO_SSL2) 330f42d491ab90c82302b0054c62014c1ee9b638affBrian Carlstrom |(ssl2_compat?SSL_OP_NO_SSLv2:0) 331f42d491ab90c82302b0054c62014c1ee9b638affBrian Carlstrom#endif 332f42d491ab90c82302b0054c62014c1ee9b638affBrian Carlstrom ; 333f42d491ab90c82302b0054c62014c1ee9b638affBrian Carlstrom#if !defined(OPENSSL_NO_TLS1_2_CLIENT) 334f42d491ab90c82302b0054c62014c1ee9b638affBrian Carlstrom version = TLS1_2_VERSION; 335f42d491ab90c82302b0054c62014c1ee9b638affBrian Carlstrom 336f42d491ab90c82302b0054c62014c1ee9b638affBrian Carlstrom if ((options & SSL_OP_NO_TLSv1_2) && (options & mask) != mask) 337392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom version = TLS1_1_VERSION; 338f42d491ab90c82302b0054c62014c1ee9b638affBrian Carlstrom#else 339f42d491ab90c82302b0054c62014c1ee9b638affBrian Carlstrom version = TLS1_1_VERSION; 340f42d491ab90c82302b0054c62014c1ee9b638affBrian Carlstrom#endif 341f42d491ab90c82302b0054c62014c1ee9b638affBrian Carlstrom mask &= ~SSL_OP_NO_TLSv1_1; 342f42d491ab90c82302b0054c62014c1ee9b638affBrian Carlstrom if ((options & SSL_OP_NO_TLSv1_1) && (options & mask) != mask) 343656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source 
Project version = TLS1_VERSION; 344f42d491ab90c82302b0054c62014c1ee9b638affBrian Carlstrom mask &= ~SSL_OP_NO_TLSv1; 345f42d491ab90c82302b0054c62014c1ee9b638affBrian Carlstrom#if !defined(OPENSSL_NO_SSL3) 346f42d491ab90c82302b0054c62014c1ee9b638affBrian Carlstrom if ((options & SSL_OP_NO_TLSv1) && (options & mask) != mask) 347656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project version = SSL3_VERSION; 348f42d491ab90c82302b0054c62014c1ee9b638affBrian Carlstrom mask &= ~SSL_OP_NO_SSLv3; 349f42d491ab90c82302b0054c62014c1ee9b638affBrian Carlstrom#endif 350f42d491ab90c82302b0054c62014c1ee9b638affBrian Carlstrom#if !defined(OPENSSL_NO_SSL2) 351f42d491ab90c82302b0054c62014c1ee9b638affBrian Carlstrom if ((options & SSL_OP_NO_SSLv3) && (options & mask) != mask) 352656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project version = SSL2_VERSION; 353f42d491ab90c82302b0054c62014c1ee9b638affBrian Carlstrom#endif 354f42d491ab90c82302b0054c62014c1ee9b638affBrian Carlstrom 355221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#ifndef OPENSSL_NO_TLSEXT 356656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (version != SSL2_VERSION) 357656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 358656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* have to disable SSL 2.0 compatibility if we need TLS extensions */ 359656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 360656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->tlsext_hostname != NULL) 361656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ssl2_compat = 0; 362656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->tlsext_status_type != -1) 363656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ssl2_compat = 0; 364221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#ifdef TLSEXT_TYPE_opaque_prf_input 
365221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (s->ctx->tlsext_opaque_prf_input_callback != 0 || s->tlsext_opaque_prf_input != NULL) 366221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom ssl2_compat = 0; 367221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#endif 368656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 369656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 370656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 371656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project buf=(unsigned char *)s->init_buf->data; 372656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->state == SSL23_ST_CW_CLNT_HELLO_A) 373656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 374656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#if 0 375656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* don't reuse session-id's */ 376656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!ssl_get_new_session(s,0)) 377656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 378656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(-1); 379656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 380656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 381656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 382656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project p=s->s3->client_random; 383ff41a4bc41ae1e1391f9b05117623ff70b985983Kenny Root if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0) 384656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return -1; 385656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 386392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (version == TLS1_2_VERSION) 
387392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 388392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom version_major = TLS1_2_VERSION_MAJOR; 389392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom version_minor = TLS1_2_VERSION_MINOR; 390392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 391392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom else if (version == TLS1_1_VERSION) 392392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 393392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom version_major = TLS1_1_VERSION_MAJOR; 394392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom version_minor = TLS1_1_VERSION_MINOR; 395392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 396392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom else if (version == TLS1_VERSION) 397656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 398656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project version_major = TLS1_VERSION_MAJOR; 399656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project version_minor = TLS1_VERSION_MINOR; 400656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 401392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#ifdef OPENSSL_FIPS 402392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom else if(FIPS_mode()) 403392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 404392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom SSLerr(SSL_F_SSL23_CLIENT_HELLO, 405392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); 406392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return -1; 407392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 408392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#endif 409656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (version == SSL3_VERSION) 410656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 
411656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project version_major = SSL3_VERSION_MAJOR; 412656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project version_minor = SSL3_VERSION_MINOR; 413656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 414656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (version == SSL2_VERSION) 415656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 416656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project version_major = SSL2_VERSION_MAJOR; 417656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project version_minor = SSL2_VERSION_MINOR; 418656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 419656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 420656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 421656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_PROTOCOLS_AVAILABLE); 422656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(-1); 423656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 424656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 425656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->client_version = version; 426656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 427656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ssl2_compat) 428656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 429656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* create SSL 2.0 compatible Client Hello */ 430656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 431656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* two byte record header will be written last */ 
432656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project d = &(buf[2]); 433656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project p = d + 9; /* leave space for message type, version, individual length fields */ 434656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 435656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *(d++) = SSL2_MT_CLIENT_HELLO; 436656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *(d++) = version_major; 437656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *(d++) = version_minor; 438656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 439656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Ciphers supported */ 440656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),p,0); 441656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (i == 0) 442656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 443656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* no ciphers */ 444656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE); 445656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return -1; 446656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 447656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s2n(i,d); 448656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project p+=i; 449656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 450656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* put in the session-id length (zero since there is no reuse) */ 451656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#if 0 452656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android 
Open Source Project s->session->session_id_length=0; 453656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 454656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s2n(0,d); 455656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 456656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG) 457656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ch_len=SSL2_CHALLENGE_LENGTH; 458656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 459656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ch_len=SSL2_MAX_CHALLENGE_LENGTH; 460656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 461656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* write out sslv2 challenge */ 462221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom /* Note that ch_len must be <= SSL3_RANDOM_SIZE (32), 463221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom because it is one of SSL2_MAX_CHALLENGE_LENGTH (32) 464221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom or SSL2_MAX_CHALLENGE_LENGTH (16), but leave the 465221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom check in for futurproofing */ 466656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (SSL3_RANDOM_SIZE < ch_len) 467656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project i=SSL3_RANDOM_SIZE; 468656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 469656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project i=ch_len; 470656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s2n(i,d); 471656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE); 472656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if 
(RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i) <= 0) 473656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return -1; 474656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 475656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i); 476656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project p+=i; 477656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 478656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project i= p- &(buf[2]); 479656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project buf[0]=((i>>8)&0xff)|0x80; 480656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project buf[1]=(i&0xff); 481656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 482656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* number of bytes to write */ 483656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->init_num=i+2; 484656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->init_off=0; 485656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 486656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ssl3_finish_mac(s,&(buf[2]),i); 487656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 488656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 489656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 490656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* create Client Hello in SSL 3.0/TLS 1.0 format */ 491656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 4927f7ea2d72f2e316ba518e82f06513e3477840c15Kenny Root /* do the record header (5 bytes) and handshake message header (4 bytes) last */ 493656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project d 
= p = &(buf[9]); 494656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 495656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *(p++) = version_major; 496656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *(p++) = version_minor; 497656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 498656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Random stuff */ 499656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE); 500656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project p += SSL3_RANDOM_SIZE; 501656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 502656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Session ID (zero since there is no reuse) */ 503656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *(p++) = 0; 504656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 505656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Ciphers supported (using SSL 3.0/TLS 1.0 format) */ 506656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),ssl3_put_cipher_by_char); 507656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (i == 0) 508656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 509656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE); 510656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return -1; 511656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 512a1a5710c055e139ea00e785f9eb55b3af3e4dab1Brian Carlstrom#ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH 513a1a5710c055e139ea00e785f9eb55b3af3e4dab1Brian Carlstrom /* Some servers hang if client hello > 256 bytes 
514a1a5710c055e139ea00e785f9eb55b3af3e4dab1Brian Carlstrom * as hack workaround chop number of supported ciphers 515a1a5710c055e139ea00e785f9eb55b3af3e4dab1Brian Carlstrom * to keep it well below this if we use TLS v1.2 516a1a5710c055e139ea00e785f9eb55b3af3e4dab1Brian Carlstrom */ 517a1a5710c055e139ea00e785f9eb55b3af3e4dab1Brian Carlstrom if (TLS1_get_version(s) >= TLS1_2_VERSION 518a1a5710c055e139ea00e785f9eb55b3af3e4dab1Brian Carlstrom && i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH) 519a1a5710c055e139ea00e785f9eb55b3af3e4dab1Brian Carlstrom i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1; 520a1a5710c055e139ea00e785f9eb55b3af3e4dab1Brian Carlstrom#endif 521656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s2n(i,p); 522656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project p+=i; 523656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 524656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* COMPRESSION */ 525221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#ifdef OPENSSL_NO_COMP 526221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom *(p++)=1; 527221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#else 528221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if ((s->options & SSL_OP_NO_COMPRESSION) 529221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom || !s->ctx->comp_methods) 530656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project j=0; 531656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 532656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project j=sk_SSL_COMP_num(s->ctx->comp_methods); 533656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *(p++)=1+j; 534656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project for (i=0; i<j; i++) 535656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 536656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 
comp=sk_SSL_COMP_value(s->ctx->comp_methods,i); 537656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *(p++)=comp->id; 538656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 539221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#endif 540656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *(p++)=0; /* Add the NULL method */ 541221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 542656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_TLSEXT 543221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom /* TLS extensions*/ 544221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (ssl_prepare_clienthello_tlsext(s) <= 0) 545221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 546221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT); 547221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return -1; 548221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 549656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) 550656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 551656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR); 552656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return -1; 553656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 554656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 555656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 556656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project l = p-d; 557656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 558656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* fill in 4-byte handshake header */ 
559656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project d=&(buf[5]); 560656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *(d++)=SSL3_MT_CLIENT_HELLO; 561656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project l2n3(l,d); 562656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 563656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project l += 4; 564656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 565656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (l > SSL3_RT_MAX_PLAIN_LENGTH) 566656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 567656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR); 568656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return -1; 569656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 570656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 571656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* fill in 5-byte record header */ 572656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project d=buf; 573656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *(d++) = SSL3_RT_HANDSHAKE; 574656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *(d++) = version_major; 575a1a5710c055e139ea00e785f9eb55b3af3e4dab1Brian Carlstrom /* Some servers hang if we use long client hellos 576a1a5710c055e139ea00e785f9eb55b3af3e4dab1Brian Carlstrom * and a record number > TLS 1.0. 
577a1a5710c055e139ea00e785f9eb55b3af3e4dab1Brian Carlstrom */ 578a1a5710c055e139ea00e785f9eb55b3af3e4dab1Brian Carlstrom if (TLS1_get_client_version(s) > TLS1_VERSION) 579a1a5710c055e139ea00e785f9eb55b3af3e4dab1Brian Carlstrom *(d++) = 1; 580a1a5710c055e139ea00e785f9eb55b3af3e4dab1Brian Carlstrom else 581a1a5710c055e139ea00e785f9eb55b3af3e4dab1Brian Carlstrom *(d++) = version_minor; 582656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s2n((int)l,d); 583656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 584656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* number of bytes to write */ 585656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->init_num=p-buf; 586656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->init_off=0; 587656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 588656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ssl3_finish_mac(s,&(buf[5]), s->init_num - 5); 589656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 590656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 591656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->state=SSL23_ST_CW_CLNT_HELLO_B; 592656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->init_off=0; 593656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 594656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 595656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* SSL3_ST_CW_CLNT_HELLO_B */ 596656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret = ssl23_write_bytes(s); 597656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 598656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((ret >= 2) && s->msg_callback) 599656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open 
Source Project { 600656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Client Hello has been sent; tell msg_callback */ 601656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 602656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ssl2_compat) 603656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->msg_callback(1, SSL2_VERSION, 0, s->init_buf->data+2, ret-2, s, s->msg_callback_arg); 604656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 605656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->msg_callback(1, version, SSL3_RT_HANDSHAKE, s->init_buf->data+5, ret-5, s, s->msg_callback_arg); 606656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 607656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 608656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return ret; 609656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 610656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 611656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectstatic int ssl23_get_server_hello(SSL *s) 612656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 613656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project char buf[8]; 614656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project unsigned char *p; 615656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int i; 616656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int n; 617656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 618656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project n=ssl23_read_bytes(s,7); 619656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 620656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (n != 7) 
return(n); 621656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project p=s->packet; 622656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 623656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project memcpy(buf,p,n); 624656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 625656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((p[0] & 0x80) && (p[2] == SSL2_MT_SERVER_HELLO) && 626656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project (p[5] == 0x00) && (p[6] == 0x02)) 627656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 628656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifdef OPENSSL_NO_SSL2 629656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL); 630656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 631656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#else 632656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* we are talking sslv2 */ 633656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* we need to clean up the SSLv3 setup and put in the 634656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * sslv2 stuff. 
*/ 635656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int ch_len; 636656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 637656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->options & SSL_OP_NO_SSLv2) 638656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 639656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL); 640656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 641656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 642656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->s2 == NULL) 643656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 644656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!ssl2_new(s)) 645656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 646656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 647656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 648656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ssl2_clear(s); 649656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 650656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG) 651656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ch_len=SSL2_CHALLENGE_LENGTH; 652656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 653656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ch_len=SSL2_MAX_CHALLENGE_LENGTH; 654656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 655656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* write out sslv2 challenge */ 656221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom /* Note that 
ch_len must be <= SSL3_RANDOM_SIZE (32), because 657221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom it is one of SSL2_MAX_CHALLENGE_LENGTH (32) or 658221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom SSL2_MAX_CHALLENGE_LENGTH (16), but leave the check in for 659221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom futurproofing */ 660656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project i=(SSL3_RANDOM_SIZE < ch_len) 661656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ?SSL3_RANDOM_SIZE:ch_len; 662656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->s2->challenge_length=i; 663656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project memcpy(s->s2->challenge, 664656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project &(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i); 665656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 666656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->s3 != NULL) ssl3_free(s); 667656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 668656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BUF_MEM_grow_clean(s->init_buf, 669656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)) 670656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 671656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,ERR_R_BUF_LIB); 672656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 673656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 674656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 675656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->state=SSL2_ST_GET_SERVER_HELLO_A; 676656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if 
(!(s->client_version == SSL2_VERSION)) 677656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* use special padding (SSL 3.0 draft/RFC 2246, App. E.2) */ 678656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->s2->ssl2_rollback=1; 679656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 680221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom /* setup the 7 bytes we have read so we get them from 681656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * the sslv2 buffer */ 682656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->rstate=SSL_ST_READ_HEADER; 683656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->packet_length=n; 684656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->packet= &(s->s2->rbuf[0]); 685656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project memcpy(s->packet,buf,n); 686656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->s2->rbuf_left=n; 687656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->s2->rbuf_offs=0; 688656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 689656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* we have already written one */ 690656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->s2->write_sequence=1; 691656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 692656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->method=SSLv2_client_method(); 693656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->handshake_func=s->method->ssl_connect; 694656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 695656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 696221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom else if (p[1] == SSL3_VERSION_MAJOR && 
697392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom p[2] <= TLS1_2_VERSION_MINOR && 698221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom ((p[0] == SSL3_RT_HANDSHAKE && p[5] == SSL3_MT_SERVER_HELLO) || 699221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom (p[0] == SSL3_RT_ALERT && p[3] == 0 && p[4] == 2))) 700656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 701221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom /* we have sslv3 or tls1 (server hello or alert) */ 702656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 703c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root#ifndef OPENSSL_NO_SSL3 704656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((p[2] == SSL3_VERSION_MINOR) && 705656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project !(s->options & SSL_OP_NO_SSLv3)) 706656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 707392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#ifdef OPENSSL_FIPS 708392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if(FIPS_mode()) 709392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 710392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, 711392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); 712392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom goto err; 713392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 714392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#endif 715656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->version=SSL3_VERSION; 716656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->method=SSLv3_client_method(); 717656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 718c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root else 719c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root#endif 
720c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root if ((p[2] == TLS1_VERSION_MINOR) && 721656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project !(s->options & SSL_OP_NO_TLSv1)) 722656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 723656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->version=TLS1_VERSION; 724656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->method=TLSv1_client_method(); 725656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 726392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom else if ((p[2] == TLS1_1_VERSION_MINOR) && 727392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom !(s->options & SSL_OP_NO_TLSv1_1)) 728392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 729392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->version=TLS1_1_VERSION; 730392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->method=TLSv1_1_client_method(); 731392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 732392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom else if ((p[2] == TLS1_2_VERSION_MINOR) && 733392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom !(s->options & SSL_OP_NO_TLSv1_2)) 734392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 735392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->version=TLS1_2_VERSION; 736392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->method=TLSv1_2_client_method(); 737392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 738656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 739656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 740656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL); 741656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 742656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open 
Source Project } 743221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 7449a68a8fb86e7440763286e3ea8578099abd598e7Bodo Moeller /* ensure that TLS_MAX_VERSION is up-to-date */ 7459a68a8fb86e7440763286e3ea8578099abd598e7Bodo Moeller OPENSSL_assert(s->version <= TLS_MAX_VERSION); 7469a68a8fb86e7440763286e3ea8578099abd598e7Bodo Moeller 747221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (p[0] == SSL3_RT_ALERT && p[5] != SSL3_AL_WARNING) 748656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 749221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom /* fatal alert */ 750221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 751221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom void (*cb)(const SSL *ssl,int type,int val)=NULL; 752221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom int j; 753221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 754221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (s->info_callback != NULL) 755221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom cb=s->info_callback; 756221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom else if (s->ctx->info_callback != NULL) 757221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom cb=s->ctx->info_callback; 758221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 759221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom i=p[5]; 760221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (cb != NULL) 761221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 762221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom j=(i<<8)|p[6]; 763221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom cb(s,SSL_CB_READ_ALERT,j); 764221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 765221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 766221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (s->msg_callback) 767221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s->msg_callback(0, s->version, SSL3_RT_ALERT, p+5, 2, s, 
s->msg_callback_arg); 768221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 769221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s->rwstate=SSL_NOTHING; 770221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_AD_REASON_OFFSET+p[6]); 771221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom goto err; 772656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 773656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 774221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (!ssl_init_wbio_buffer(s,1)) goto err; 775221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 776221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom /* we are in this state */ 777221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s->state=SSL3_ST_CR_SRVR_HELLO_A; 778221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 779221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom /* put the 7 bytes we have read into the input buffer 780221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * for SSLv3 */ 781221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s->rstate=SSL_ST_READ_HEADER; 782221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s->packet_length=n; 783221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (s->s3->rbuf.buf == NULL) 784221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (!ssl3_setup_read_buffer(s)) 785221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom goto err; 786221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s->packet= &(s->s3->rbuf.buf[0]); 787221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom memcpy(s->packet,buf,n); 788221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s->s3->rbuf.left=n; 789221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s->s3->rbuf.offset=0; 790221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 791221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 
s->handshake_func=s->method->ssl_connect; 792656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 793656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 794656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 795656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNKNOWN_PROTOCOL); 796656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 797656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 798656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->init_num=0; 799656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 800656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Since, if we are sending a ssl23 client hello, we are not 801656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * reusing a session-id */ 802fd113c07c3c2a6b07f8ab69dfae7d104e769f469Brian Carlstrom if (!s->session_creation_enabled) 803fd113c07c3c2a6b07f8ab69dfae7d104e769f469Brian Carlstrom { 804fd113c07c3c2a6b07f8ab69dfae7d104e769f469Brian Carlstrom if (!(s->client_version == SSL2_VERSION)) 805fd113c07c3c2a6b07f8ab69dfae7d104e769f469Brian Carlstrom ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); 806fd113c07c3c2a6b07f8ab69dfae7d104e769f469Brian Carlstrom SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_SESSION_MAY_NOT_BE_CREATED); 807fd113c07c3c2a6b07f8ab69dfae7d104e769f469Brian Carlstrom goto err; 808fd113c07c3c2a6b07f8ab69dfae7d104e769f469Brian Carlstrom } 809656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!ssl_get_new_session(s,0)) 810656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 811656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 812656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(SSL_connect(s)); 
813656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projecterr: 814656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(-1); 815656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 816