/* ssl/s23_srvr.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
/* ====================================================================
 * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    openssl-core@openssl.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */

#include <stdio.h>
#include "ssl_locl.h"
#include <openssl/buffer.h>
#include <openssl/rand.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
#endif

static const SSL_METHOD *ssl23_get_server_method(int ver);
int ssl23_get_client_hello(SSL *s);
static const SSL_METHOD *ssl23_get_server_method(int ver)
	{
#ifndef OPENSSL_NO_SSL2
	if (ver == SSL2_VERSION)
		return(SSLv2_server_method());
#endif
#ifndef OPENSSL_NO_SSL3
	if (ver == SSL3_VERSION)
		return(SSLv3_server_method());
#endif
	if (ver == TLS1_VERSION)
		return(TLSv1_server_method());
	else if (ver == TLS1_1_VERSION)
		return(TLSv1_1_server_method());
	else if (ver == TLS1_2_VERSION)
		return(TLSv1_2_server_method());
	else
		return(NULL);
	}

IMPLEMENT_ssl23_meth_func(SSLv23_server_method,
			ssl23_accept,
			ssl_undefined_function,
			ssl23_get_server_method)

int ssl23_accept(SSL *s)
	{
	BUF_MEM *buf;
	unsigned long Time=(unsigned long)time(NULL);
	void (*cb)(const SSL *ssl,int type,int val)=NULL;
	int ret= -1;
	int new_state,state;

	RAND_add(&Time,sizeof(Time),0);
	ERR_clear_error();
	clear_sys_error();

	if (s->info_callback != NULL)
		cb=s->info_callback;
	else if (s->ctx->info_callback != NULL)
		cb=s->ctx->info_callback;

	s->in_handshake++;
	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);

	for (;;)
		{
		state=s->state;

		switch(s->state)
			{
		case SSL_ST_BEFORE:
		case SSL_ST_ACCEPT:
		case SSL_ST_BEFORE|SSL_ST_ACCEPT:
		case SSL_ST_OK|SSL_ST_ACCEPT:

			s->server=1;
			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);

			/* s->version=SSL3_VERSION; */
			s->type=SSL_ST_ACCEPT;

			if (s->init_buf == NULL)
				{
				if ((buf=BUF_MEM_new()) == NULL)
					{
					ret= -1;
					goto end;
					}
				if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
					{
					ret= -1;
					goto end;
					}
				s->init_buf=buf;
				}

			ssl3_init_finished_mac(s);

			s->state=SSL23_ST_SR_CLNT_HELLO_A;
			s->ctx->stats.sess_accept++;
			s->init_num=0;
			break;

		case SSL23_ST_SR_CLNT_HELLO_A:
		case SSL23_ST_SR_CLNT_HELLO_B:

			s->shutdown=0;
			ret=ssl23_get_client_hello(s);
			if (ret >= 0) cb=NULL;
			goto end;
			/* break; */

		default:
			SSLerr(SSL_F_SSL23_ACCEPT,SSL_R_UNKNOWN_STATE);
			ret= -1;
			goto end;
			/* break; */
			}

		if ((cb != NULL) && (s->state != state))
			{
			new_state=s->state;
			s->state=state;
			cb(s,SSL_CB_ACCEPT_LOOP,1);
			s->state=new_state;
			}
		}
end:
	s->in_handshake--;
	if (cb != NULL)
		cb(s,SSL_CB_ACCEPT_EXIT,ret);
	return(ret);
	}


int ssl23_get_client_hello(SSL *s)
	{
	char buf_space[11]; /* Request this many bytes in initial read.
	                     * We can detect SSL 3.0/TLS 1.0 Client Hellos
	                     * ('type == 3') correctly only when the following
	                     * is in a single record, which is not guaranteed by
	                     * the protocol specification:
	                     * Byte  Content
	                     *  0     type            \
	                     *  1/2   version          > record header
	                     *  3/4   length          /
	                     *  5     msg_type        \
	                     *  6-8   length           > Client Hello message
	                     *  9/10  client_version  /
	                     */
	char *buf= &(buf_space[0]);
	unsigned char *p,*d,*d_len,*dd;
	unsigned int i;
	unsigned int csl,sil,cl;
	int n=0,j;
	int type=0;
	int v[2];

	if (s->state == SSL23_ST_SR_CLNT_HELLO_A)
		{
		/* read the initial header */
		v[0]=v[1]=0;

		if (!ssl3_setup_buffers(s)) goto err;

		n=ssl23_read_bytes(s, sizeof buf_space);
		if (n != sizeof buf_space) return(n); /* n == -1 || n == 0 */

		p=s->packet;

		memcpy(buf,p,n);

		if ((p[0] & 0x80) && (p[2] == SSL2_MT_CLIENT_HELLO))
			{
			/*
			 * SSLv2 header
			 */
			if ((p[3] == 0x00) && (p[4] == 0x02))
				{
				v[0]=p[3]; v[1]=p[4];
				/* SSLv2 */
				if (!(s->options & SSL_OP_NO_SSLv2))
					type=1;
				}
			else if (p[3] == SSL3_VERSION_MAJOR)
				{
				v[0]=p[3]; v[1]=p[4];
				/* SSLv3/TLSv1 */
				if (p[4] >= TLS1_VERSION_MINOR)
					{
					if (p[4] >= TLS1_2_VERSION_MINOR &&
					   !(s->options & SSL_OP_NO_TLSv1_2))
						{
						s->version=TLS1_2_VERSION;
						s->state=SSL23_ST_SR_CLNT_HELLO_B;
						}
					else if (p[4] >= TLS1_1_VERSION_MINOR &&
					   !(s->options & SSL_OP_NO_TLSv1_1))
						{
						s->version=TLS1_1_VERSION;
						/* type=2; */ /* done later to survive restarts */
						s->state=SSL23_ST_SR_CLNT_HELLO_B;
						}
					else if (!(s->options & SSL_OP_NO_TLSv1))
						{
						s->version=TLS1_VERSION;
						/* type=2; */ /* done later to survive restarts */
						s->state=SSL23_ST_SR_CLNT_HELLO_B;
						}
					else if (!(s->options & SSL_OP_NO_SSLv3))
						{
						s->version=SSL3_VERSION;
						/* type=2; */
						s->state=SSL23_ST_SR_CLNT_HELLO_B;
						}
					else if (!(s->options & SSL_OP_NO_SSLv2))
						{
						type=1;
						}
					}
				else if (!(s->options & SSL_OP_NO_SSLv3))
					{
					s->version=SSL3_VERSION;
					/* type=2; */
					s->state=SSL23_ST_SR_CLNT_HELLO_B;
					}
				else if (!(s->options & SSL_OP_NO_SSLv2))
					type=1;

				}
			}
		else if ((p[0] == SSL3_RT_HANDSHAKE) &&
			 (p[1] == SSL3_VERSION_MAJOR) &&
			 (p[5] == SSL3_MT_CLIENT_HELLO) &&
			 ((p[3] == 0 && p[4] < 5 /* silly record length? */)
				|| (p[9] >= p[1])))
			{
			/*
			 * SSLv3 or tls1 header
			 */

			v[0]=p[1]; /* major version (= SSL3_VERSION_MAJOR) */
			/* We must look at client_version inside the Client Hello message
			 * to get the correct minor version.
			 * However if we have only a pathologically small fragment of the
			 * Client Hello message, this would be difficult, and we'd have
			 * to read more records to find out.
			 * No known SSL 3.0 client fragments ClientHello like this,
			 * so we simply reject such connections to avoid
			 * protocol version downgrade attacks.
*/ 355656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (p[3] == 0 && p[4] < 6) 356656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 357656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_SMALL); 358656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 359656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 36098d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom /* if major version number > 3 set minor to a value 36198d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom * which will use the highest version 3 we support. 36298d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom * If TLS 2.0 ever appears we will need to revise 36398d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom * this.... 36498d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom */ 365c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root if (p[9] > SSL3_VERSION_MAJOR) 36698d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom v[1]=0xff; 367656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 368656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project v[1]=p[10]; /* minor version according to client_version */ 369656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (v[1] >= TLS1_VERSION_MINOR) 370656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 371392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (v[1] >= TLS1_2_VERSION_MINOR && 372392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom !(s->options & SSL_OP_NO_TLSv1_2)) 373392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 374392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->version=TLS1_2_VERSION; 375392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom type=3; 376392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 
377392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom else if (v[1] >= TLS1_1_VERSION_MINOR && 378392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom !(s->options & SSL_OP_NO_TLSv1_1)) 379392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 380392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->version=TLS1_1_VERSION; 381392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom type=3; 382392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 383392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom else if (!(s->options & SSL_OP_NO_TLSv1)) 384656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 385656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->version=TLS1_VERSION; 386656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project type=3; 387656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 388656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!(s->options & SSL_OP_NO_SSLv3)) 389656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 390656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->version=SSL3_VERSION; 391656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project type=3; 392656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 393656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 394656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 395656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 396656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* client requests SSL 3.0 */ 397656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!(s->options & SSL_OP_NO_SSLv3)) 398656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 399656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->version=SSL3_VERSION; 
400656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project type=3; 401656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 402656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!(s->options & SSL_OP_NO_TLSv1)) 403656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 404656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* we won't be able to use TLS of course, 405656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * but this will send an appropriate alert */ 406656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->version=TLS1_VERSION; 407656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project type=3; 408656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 409656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 410656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 411656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if ((strncmp("GET ", (char *)p,4) == 0) || 412656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project (strncmp("POST ",(char *)p,5) == 0) || 413656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project (strncmp("HEAD ",(char *)p,5) == 0) || 414656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project (strncmp("PUT ", (char *)p,4) == 0)) 415656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 416656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTP_REQUEST); 417656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 418656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 419656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (strncmp("CONNECT",(char *)p,7) == 0) 
420656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 421656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTPS_PROXY_REQUEST); 422656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 423656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 424656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 425656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 4269a68a8fb86e7440763286e3ea8578099abd598e7Bodo Moeller /* ensure that TLS_MAX_VERSION is up-to-date */ 4279a68a8fb86e7440763286e3ea8578099abd598e7Bodo Moeller OPENSSL_assert(s->version <= TLS_MAX_VERSION); 4289a68a8fb86e7440763286e3ea8578099abd598e7Bodo Moeller 429392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#ifdef OPENSSL_FIPS 430392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (FIPS_mode() && (s->version < TLS1_VERSION)) 431392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 432392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, 433392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); 434392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom goto err; 435392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 436392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#endif 437392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 438656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->state == SSL23_ST_SR_CLNT_HELLO_B) 439656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 440656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* we have SSLv3/TLSv1 in an SSLv2 header 441656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * (other cases skip this state) */ 442656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 
443656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project type=2; 444656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project p=s->packet; 445656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project v[0] = p[3]; /* == SSL3_VERSION_MAJOR */ 446656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project v[1] = p[4]; 447656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 448c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root /* An SSLv3/TLSv1 backwards-compatible CLIENT-HELLO in an SSLv2 449c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root * header is sent directly on the wire, not wrapped as a TLS 450c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root * record. It's format is: 451c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root * Byte Content 452c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root * 0-1 msg_length 453c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root * 2 msg_type 454c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root * 3-4 version 455c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root * 5-6 cipher_spec_length 456c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root * 7-8 session_id_length 457c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root * 9-10 challenge_length 458c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root * ... ... 
459c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root */ 460656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project n=((p[0]&0x7f)<<8)|p[1]; 461f04b7b0cd950a9bf3c07edcbafb48afe63d4fed3Brian Carlstrom if (n > (1024*4)) 462656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 463656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_LARGE); 464656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 465656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 466c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root if (n < 9) 467c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root { 468c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_LENGTH_MISMATCH); 469c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root goto err; 470c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root } 471656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 472656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project j=ssl23_read_bytes(s,n+2); 473c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root /* We previously read 11 bytes, so if j > 0, we must have 474c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root * j == n+2 == s->packet_length. We have at least 11 valid 475c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root * packet bytes. 
*/ 476656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (j <= 0) return(j); 477656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 478656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ssl3_finish_mac(s, s->packet+2, s->packet_length-2); 479656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->msg_callback) 480656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->msg_callback(0, SSL2_VERSION, 0, s->packet+2, s->packet_length-2, s, s->msg_callback_arg); /* CLIENT-HELLO */ 481656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 482656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project p=s->packet; 483656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project p+=5; 484656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project n2s(p,csl); 485656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project n2s(p,sil); 486656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project n2s(p,cl); 487656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project d=(unsigned char *)s->init_buf->data; 488221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if ((csl+sil+cl+11) != s->packet_length) /* We can't have TLS extensions in SSL 2.0 format 489221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * Client Hello, can we? 
Error condition should be 490221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * '>' otherweise */ 491656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 492656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_LENGTH_MISMATCH); 493656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 494656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 495656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 496656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* record header: msg_type ... */ 497656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *(d++) = SSL3_MT_CLIENT_HELLO; 498656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* ... and length (actual value will be written later) */ 499656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project d_len = d; 500656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project d += 3; 501656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 502656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* client_version */ 503656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *(d++) = SSL3_VERSION_MAJOR; /* == v[0] */ 504656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *(d++) = v[1]; 505656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 506656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* lets populate the random area */ 507656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* get the challenge_length */ 508656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project i=(cl > SSL3_RANDOM_SIZE)?SSL3_RANDOM_SIZE:cl; 509656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project memset(d,0,SSL3_RANDOM_SIZE); 
510656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project memcpy(&(d[SSL3_RANDOM_SIZE-i]),&(p[csl+sil]),i); 511656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project d+=SSL3_RANDOM_SIZE; 512656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 513656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* no session-id reuse */ 514656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *(d++)=0; 515656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 516656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* ciphers */ 517656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project j=0; 518656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project dd=d; 519656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project d+=2; 520656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project for (i=0; i<csl; i+=3) 521656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 522656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (p[i] != 0) continue; 523656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *(d++)=p[i+1]; 524656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *(d++)=p[i+2]; 525656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project j+=2; 526656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 527656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s2n(j,dd); 528656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 529656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* COMPRESSION */ 530656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *(d++)=1; 531656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *(d++)=0; 532656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 
533221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#if 0 534221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom /* copy any remaining data with may be extensions */ 535221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom p = p+csl+sil+cl; 536221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom while (p < s->packet+s->packet_length) 537221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 538221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom *(d++)=*(p++); 539221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 540221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#endif 541221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 542656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project i = (d-(unsigned char *)s->init_buf->data) - 4; 543656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project l2n3((long)i, d_len); 544656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 545656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* get the data reused from the init_buf */ 546656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->s3->tmp.reuse_message=1; 547656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->s3->tmp.message_type=SSL3_MT_CLIENT_HELLO; 548656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->s3->tmp.message_size=i; 549656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 550656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 551656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* imaginary new state (for program structure): */ 552656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* s->state = SSL23_SR_CLNT_HELLO_C */ 553656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 554656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (type == 1) 
555656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 556656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifdef OPENSSL_NO_SSL2 557656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL); 558656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 559656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#else 560656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* we are talking sslv2 */ 561656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* we need to clean up the SSLv3/TLSv1 setup and put in the 562656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * sslv2 stuff. */ 563656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 564656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->s2 == NULL) 565656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 566656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!ssl2_new(s)) 567656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 568656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 569656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 570656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ssl2_clear(s); 571656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 572656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->s3 != NULL) ssl3_free(s); 573656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 574656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BUF_MEM_grow_clean(s->init_buf, 575656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)) 
576656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 577656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 578656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 579656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 580656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->state=SSL2_ST_GET_CLIENT_HELLO_A; 581656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3) 582656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->s2->ssl2_rollback=0; 583656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 584656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0 585656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * (SSL 3.0 draft/RFC 2246, App. E.2) */ 586656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->s2->ssl2_rollback=1; 587656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 588656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* setup the n bytes we have read so we get them from 589656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * the sslv2 buffer */ 590656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->rstate=SSL_ST_READ_HEADER; 591656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->packet_length=n; 592656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->packet= &(s->s2->rbuf[0]); 593656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project memcpy(s->packet,buf,n); 594656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->s2->rbuf_left=n; 595656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->s2->rbuf_offs=0; 
596656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 597656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->method=SSLv2_server_method(); 598656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->handshake_func=s->method->ssl_accept; 599656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 600656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 601656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 602656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((type == 2) || (type == 3)) 603656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 604656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style) */ 605c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root s->method = ssl23_get_server_method(s->version); 606c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root if (s->method == NULL) 607c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root { 608c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL); 609c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root goto err; 610c64f6fe2be99cb3fa8e491b5bede9a217de87a4cKenny Root } 611656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 612656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!ssl_init_wbio_buffer(s,1)) goto err; 613656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 614656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* we are in this state */ 615656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->state=SSL3_ST_SR_CLNT_HELLO_A; 616656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 617656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (type == 3) 
618656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 619656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* put the 'n' bytes we have read into the input buffer 620656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * for SSLv3 */ 621656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->rstate=SSL_ST_READ_HEADER; 622656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->packet_length=n; 623221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (s->s3->rbuf.buf == NULL) 624221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (!ssl3_setup_read_buffer(s)) 625221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom goto err; 626221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 627656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->packet= &(s->s3->rbuf.buf[0]); 628656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project memcpy(s->packet,buf,n); 629656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->s3->rbuf.left=n; 630656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->s3->rbuf.offset=0; 631656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 632656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 633656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 634656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->packet_length=0; 635656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->s3->rbuf.left=0; 636656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->s3->rbuf.offset=0; 637656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 638656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#if 0 /* ssl3_get_client_hello does this */ 639656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 
s->client_version=(v[0]<<8)|v[1]; 640656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 641656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->handshake_func=s->method->ssl_accept; 642656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 643656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 644656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((type < 1) || (type > 3)) 645656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 646656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* bad, very bad */ 647656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNKNOWN_PROTOCOL); 648656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 649656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 650656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->init_num=0; 651656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 652656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (buf != buf_space) OPENSSL_free(buf); 653656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(SSL_accept(s)); 654656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projecterr: 655656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (buf != buf_space) OPENSSL_free(buf); 656656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(-1); 657656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 658
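The validation that ssl23_get_client_hello applies to an SSLv2-format CLIENT-HELLO (the byte layout in its comment, the 9 to 4096 byte body bounds, and csl+sil+cl+11 matching the packet length), written as a standalone parser. This is an added example, not code from this file: every `v2hello_*` name is hypothetical, the sample packets are constructed, and the multiple-of-3 cipher-spec check is extra strictness that the file does not perform.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define V2_MT_CLIENT_HELLO 1   /* value of SSL2_MT_CLIENT_HELLO */
#define V2_MAX_BODY (1024*4)   /* same cap as the n > (1024*4) check */
#define V3_RANDOM_SIZE 32      /* value of SSL3_RANDOM_SIZE */

enum v2hello_status {
	V2HELLO_OK = 0, V2HELLO_TRUNCATED, V2HELLO_NOT_V2_HELLO, V2HELLO_TOO_LARGE,
	V2HELLO_TOO_SMALL, V2HELLO_LENGTH_MISMATCH, V2HELLO_BAD_CIPHER_SPECS
};

struct v2hello {
	uint8_t version[2];
	size_t csl, sil, cl;   /* cipher_spec, session_id, challenge lengths */
	const uint8_t *cipher_specs, *challenge;
};

static size_t be16(const uint8_t *p) { return ((size_t)p[0] << 8) | p[1]; }

/* Validate one complete SSLv2-format CLIENT-HELLO, 2-byte header included. */
enum v2hello_status v2hello_parse(const uint8_t *pkt, size_t len, struct v2hello *h)
{
	size_t n;

	if (len < 11) return V2HELLO_TRUNCATED;       /* fixed fields end at byte 10 */
	if (!(pkt[0] & 0x80) || pkt[2] != V2_MT_CLIENT_HELLO)
		return V2HELLO_NOT_V2_HELLO;
	n = ((size_t)(pkt[0] & 0x7f) << 8) | pkt[1];  /* msg_length */
	if (n > V2_MAX_BODY) return V2HELLO_TOO_LARGE;
	if (n < 9) return V2HELLO_TOO_SMALL;
	if (len != n + 2) return V2HELLO_TRUNCATED;   /* caller must pass the whole record */
	h->version[0] = pkt[3];
	h->version[1] = pkt[4];
	h->csl = be16(pkt + 5);
	h->sil = be16(pkt + 7);
	h->cl = be16(pkt + 9);
	if (h->csl + h->sil + h->cl + 11 != len)      /* no room for trailing data */
		return V2HELLO_LENGTH_MISMATCH;
	if (h->csl % 3 != 0)                          /* added check: specs are 3 bytes each */
		return V2HELLO_BAD_CIPHER_SPECS;
	h->cipher_specs = pkt + 11;
	h->challenge = pkt + 11 + h->csl + h->sil;
	return V2HELLO_OK;
}

/* Keep only specs with a leading 0 byte, as 2-byte suites.
 * Returns the number of suites written, or -1 if out is too small. */
int v2hello_v3_suites(const struct v2hello *h, uint8_t *out, size_t cap)
{
	size_t i, used = 0;

	for (i = 0; i < h->csl; i += 3) {
		if (h->cipher_specs[i] != 0) continue;
		if (used + 2 > cap) return -1;
		out[used++] = h->cipher_specs[i + 1];
		out[used++] = h->cipher_specs[i + 2];
	}
	return (int)(used / 2);
}

/* Right-align at most 32 challenge bytes in a zeroed client random. */
void v2hello_random(const struct v2hello *h, uint8_t rnd[V3_RANDOM_SIZE])
{
	size_t i = h->cl > V3_RANDOM_SIZE ? V3_RANDOM_SIZE : h->cl;

	memset(rnd, 0, V3_RANDOM_SIZE);
	memcpy(rnd + V3_RANDOM_SIZE - i, h->challenge, i);
}

/* Constructed sample: version 3.1, two cipher specs, 16-byte challenge. */
static const uint8_t SAMPLE_OK[33] = {
	0x80, 0x1f, 0x01,                   /* msg_length = 31, msg_type */
	0x03, 0x01,                         /* version */
	0x00, 0x06, 0x00, 0x00, 0x00, 0x10, /* csl = 6, sil = 0, cl = 16 */
	0x00, 0x00, 0x2f,                   /* leading 0: kept as suite 0x002f */
	0x01, 0x00, 0x80,                   /* SSLv2-only spec: dropped */
	0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
	0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf
};

/* Constructed sample: declares 3 cipher-spec bytes that are not present. */
static const uint8_t SAMPLE_MISMATCH[11] = {
	0x80, 0x09, 0x01, 0x03, 0x01, 0x00, 0x03, 0x00, 0x00, 0x00, 0x00
};

int main(void)
{
	struct v2hello h;
	uint8_t suites[8];
	int st = (int)v2hello_parse(SAMPLE_OK, sizeof SAMPLE_OK, &h);

	printf("valid sample: status %d, %d usable suite(s)\n",
	       st, v2hello_v3_suites(&h, suites, sizeof suites));
	printf("mismatch sample: status %d\n",
	       (int)v2hello_parse(SAMPLE_MISMATCH, sizeof SAMPLE_MISMATCH, &h));
	return 0;
}
```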