2
0

s23_clnt.c 20 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746
  1. /* ssl/s23_clnt.c */
  2. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  3. * All rights reserved.
  4. *
  5. * This package is an SSL implementation written
  6. * by Eric Young (eay@cryptsoft.com).
  7. * The implementation was written so as to conform with Netscapes SSL.
  8. *
  9. * This library is free for commercial and non-commercial use as long as
  10. * the following conditions are aheared to. The following conditions
  11. * apply to all code found in this distribution, be it the RC4, RSA,
  12. * lhash, DES, etc., code; not just the SSL code. The SSL documentation
  13. * included with this distribution is covered by the same copyright terms
  14. * except that the holder is Tim Hudson (tjh@cryptsoft.com).
  15. *
  16. * Copyright remains Eric Young's, and as such any Copyright notices in
  17. * the code are not to be removed.
  18. * If this package is used in a product, Eric Young should be given attribution
  19. * as the author of the parts of the library used.
  20. * This can be in the form of a textual message at program startup or
  21. * in documentation (online or textual) provided with the package.
  22. *
  23. * Redistribution and use in source and binary forms, with or without
  24. * modification, are permitted provided that the following conditions
  25. * are met:
  26. * 1. Redistributions of source code must retain the copyright
  27. * notice, this list of conditions and the following disclaimer.
  28. * 2. Redistributions in binary form must reproduce the above copyright
  29. * notice, this list of conditions and the following disclaimer in the
  30. * documentation and/or other materials provided with the distribution.
  31. * 3. All advertising materials mentioning features or use of this software
  32. * must display the following acknowledgement:
  33. * "This product includes cryptographic software written by
  34. * Eric Young (eay@cryptsoft.com)"
  35. * The word 'cryptographic' can be left out if the rouines from the library
  36. * being used are not cryptographic related :-).
  37. * 4. If you include any Windows specific code (or a derivative thereof) from
  38. * the apps directory (application code) you must include an acknowledgement:
  39. * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
  40. *
  41. * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  42. * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  43. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  44. * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  45. * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  46. * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  47. * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  48. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  49. * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  50. * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  51. * SUCH DAMAGE.
  52. *
  53. * The licence and distribution terms for any publically available version or
  54. * derivative of this code cannot be changed. i.e. this code cannot simply be
  55. * copied and put under another distribution licence
  56. * [including the GNU Public Licence.]
  57. */
  58. /* ====================================================================
  59. * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
  60. *
  61. * Redistribution and use in source and binary forms, with or without
  62. * modification, are permitted provided that the following conditions
  63. * are met:
  64. *
  65. * 1. Redistributions of source code must retain the above copyright
  66. * notice, this list of conditions and the following disclaimer.
  67. *
  68. * 2. Redistributions in binary form must reproduce the above copyright
  69. * notice, this list of conditions and the following disclaimer in
  70. * the documentation and/or other materials provided with the
  71. * distribution.
  72. *
  73. * 3. All advertising materials mentioning features or use of this
  74. * software must display the following acknowledgment:
  75. * "This product includes software developed by the OpenSSL Project
  76. * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
  77. *
  78. * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  79. * endorse or promote products derived from this software without
  80. * prior written permission. For written permission, please contact
  81. * openssl-core@openssl.org.
  82. *
  83. * 5. Products derived from this software may not be called "OpenSSL"
  84. * nor may "OpenSSL" appear in their names without prior written
  85. * permission of the OpenSSL Project.
  86. *
  87. * 6. Redistributions of any form whatsoever must retain the following
  88. * acknowledgment:
  89. * "This product includes software developed by the OpenSSL Project
  90. * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
  91. *
  92. * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
  93. * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  94. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  95. * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
  96. * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  97. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  98. * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  99. * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  100. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  101. * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  102. * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  103. * OF THE POSSIBILITY OF SUCH DAMAGE.
  104. * ====================================================================
  105. *
  106. * This product includes cryptographic software written by Eric Young
  107. * (eay@cryptsoft.com). This product includes software written by Tim
  108. * Hudson (tjh@cryptsoft.com).
  109. *
  110. */
  111. #include <stdio.h>
  112. #include "ssl_locl.h"
  113. #include <openssl/buffer.h>
  114. #include <openssl/rand.h>
  115. #include <openssl/objects.h>
  116. #include <openssl/evp.h>
  117. static const SSL_METHOD *ssl23_get_client_method(int ver);
  118. static int ssl23_client_hello(SSL *s);
  119. static int ssl23_get_server_hello(SSL *s);
  120. static const SSL_METHOD *ssl23_get_client_method(int ver)
  121. {
  122. #ifndef OPENSSL_NO_SSL2
  123. if (ver == SSL2_VERSION)
  124. return(SSLv2_client_method());
  125. #endif
  126. if (ver == SSL3_VERSION)
  127. return(SSLv3_client_method());
  128. else if (ver == TLS1_VERSION)
  129. return(TLSv1_client_method());
  130. else if (ver == TLS1_1_VERSION)
  131. return(TLSv1_1_client_method());
  132. else if (ver == TLS1_2_VERSION)
  133. return(TLSv1_2_client_method());
  134. else
  135. return(NULL);
  136. }
  137. IMPLEMENT_ssl23_meth_func(SSLv23_client_method,
  138. ssl_undefined_function,
  139. ssl23_connect,
  140. ssl23_get_client_method)
  141. int ssl23_connect(SSL *s)
  142. {
  143. BUF_MEM *buf=NULL;
  144. unsigned long Time=(unsigned long)time(NULL);
  145. void (*cb)(const SSL *ssl,int type,int val)=NULL;
  146. int ret= -1;
  147. int new_state,state;
  148. RAND_add(&Time,sizeof(Time),0);
  149. ERR_clear_error();
  150. clear_sys_error();
  151. if (s->info_callback != NULL)
  152. cb=s->info_callback;
  153. else if (s->ctx->info_callback != NULL)
  154. cb=s->ctx->info_callback;
  155. s->in_handshake++;
  156. if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
  157. for (;;)
  158. {
  159. state=s->state;
  160. switch(s->state)
  161. {
  162. case SSL_ST_BEFORE:
  163. case SSL_ST_CONNECT:
  164. case SSL_ST_BEFORE|SSL_ST_CONNECT:
  165. case SSL_ST_OK|SSL_ST_CONNECT:
  166. if (s->session != NULL)
  167. {
  168. SSLerr(SSL_F_SSL23_CONNECT,SSL_R_SSL23_DOING_SESSION_ID_REUSE);
  169. ret= -1;
  170. goto end;
  171. }
  172. s->server=0;
  173. if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
  174. /* s->version=TLS1_VERSION; */
  175. s->type=SSL_ST_CONNECT;
  176. if (s->init_buf == NULL)
  177. {
  178. if ((buf=BUF_MEM_new()) == NULL)
  179. {
  180. ret= -1;
  181. goto end;
  182. }
  183. if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
  184. {
  185. ret= -1;
  186. goto end;
  187. }
  188. s->init_buf=buf;
  189. buf=NULL;
  190. }
  191. if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }
  192. ssl3_init_finished_mac(s);
  193. s->state=SSL23_ST_CW_CLNT_HELLO_A;
  194. s->ctx->stats.sess_connect++;
  195. s->init_num=0;
  196. break;
  197. case SSL23_ST_CW_CLNT_HELLO_A:
  198. case SSL23_ST_CW_CLNT_HELLO_B:
  199. s->shutdown=0;
  200. ret=ssl23_client_hello(s);
  201. if (ret <= 0) goto end;
  202. s->state=SSL23_ST_CR_SRVR_HELLO_A;
  203. s->init_num=0;
  204. break;
  205. case SSL23_ST_CR_SRVR_HELLO_A:
  206. case SSL23_ST_CR_SRVR_HELLO_B:
  207. ret=ssl23_get_server_hello(s);
  208. if (ret >= 0) cb=NULL;
  209. goto end;
  210. /* break; */
  211. default:
  212. SSLerr(SSL_F_SSL23_CONNECT,SSL_R_UNKNOWN_STATE);
  213. ret= -1;
  214. goto end;
  215. /* break; */
  216. }
  217. if (s->debug) { (void)BIO_flush(s->wbio); }
  218. if ((cb != NULL) && (s->state != state))
  219. {
  220. new_state=s->state;
  221. s->state=state;
  222. cb(s,SSL_CB_CONNECT_LOOP,1);
  223. s->state=new_state;
  224. }
  225. }
  226. end:
  227. s->in_handshake--;
  228. if (buf != NULL)
  229. BUF_MEM_free(buf);
  230. if (cb != NULL)
  231. cb(s,SSL_CB_CONNECT_EXIT,ret);
  232. return(ret);
  233. }
  234. static int ssl23_no_ssl2_ciphers(SSL *s)
  235. {
  236. SSL_CIPHER *cipher;
  237. STACK_OF(SSL_CIPHER) *ciphers;
  238. int i;
  239. ciphers = SSL_get_ciphers(s);
  240. for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++)
  241. {
  242. cipher = sk_SSL_CIPHER_value(ciphers, i);
  243. if (cipher->algorithm_ssl == SSL_SSLV2)
  244. return 0;
  245. }
  246. return 1;
  247. }
  248. static int ssl23_client_hello(SSL *s)
  249. {
  250. unsigned char *buf;
  251. unsigned char *p,*d;
  252. int i,ch_len;
  253. unsigned long Time,l;
  254. int ssl2_compat;
  255. int version = 0, version_major, version_minor;
  256. #ifndef OPENSSL_NO_COMP
  257. int j;
  258. SSL_COMP *comp;
  259. #endif
  260. int ret;
  261. ssl2_compat = (s->options & SSL_OP_NO_SSLv2) ? 0 : 1;
  262. if (ssl2_compat && ssl23_no_ssl2_ciphers(s))
  263. ssl2_compat = 0;
  264. if (!(s->options & SSL_OP_NO_TLSv1_2))
  265. {
  266. version = TLS1_2_VERSION;
  267. }
  268. else if (!(s->options & SSL_OP_NO_TLSv1_1))
  269. {
  270. version = TLS1_1_VERSION;
  271. }
  272. else if (!(s->options & SSL_OP_NO_TLSv1))
  273. {
  274. version = TLS1_VERSION;
  275. }
  276. else if (!(s->options & SSL_OP_NO_SSLv3))
  277. {
  278. version = SSL3_VERSION;
  279. }
  280. else if (!(s->options & SSL_OP_NO_SSLv2))
  281. {
  282. version = SSL2_VERSION;
  283. }
  284. #ifndef OPENSSL_NO_TLSEXT
  285. if (version != SSL2_VERSION)
  286. {
  287. /* have to disable SSL 2.0 compatibility if we need TLS extensions */
  288. if (s->tlsext_hostname != NULL)
  289. ssl2_compat = 0;
  290. if (s->tlsext_status_type != -1)
  291. ssl2_compat = 0;
  292. #ifdef TLSEXT_TYPE_opaque_prf_input
  293. if (s->ctx->tlsext_opaque_prf_input_callback != 0 || s->tlsext_opaque_prf_input != NULL)
  294. ssl2_compat = 0;
  295. #endif
  296. }
  297. #endif
  298. buf=(unsigned char *)s->init_buf->data;
  299. if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
  300. {
  301. #if 0
  302. /* don't reuse session-id's */
  303. if (!ssl_get_new_session(s,0))
  304. {
  305. return(-1);
  306. }
  307. #endif
  308. p=s->s3->client_random;
  309. Time=(unsigned long)time(NULL); /* Time */
  310. l2n(Time,p);
  311. if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
  312. return -1;
  313. if (version == TLS1_2_VERSION)
  314. {
  315. version_major = TLS1_2_VERSION_MAJOR;
  316. version_minor = TLS1_2_VERSION_MINOR;
  317. }
  318. else if (version == TLS1_1_VERSION)
  319. {
  320. version_major = TLS1_1_VERSION_MAJOR;
  321. version_minor = TLS1_1_VERSION_MINOR;
  322. }
  323. else if (version == TLS1_VERSION)
  324. {
  325. version_major = TLS1_VERSION_MAJOR;
  326. version_minor = TLS1_VERSION_MINOR;
  327. }
  328. #ifdef OPENSSL_FIPS
  329. else if(FIPS_mode())
  330. {
  331. SSLerr(SSL_F_SSL23_CLIENT_HELLO,
  332. SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
  333. return -1;
  334. }
  335. #endif
  336. else if (version == SSL3_VERSION)
  337. {
  338. version_major = SSL3_VERSION_MAJOR;
  339. version_minor = SSL3_VERSION_MINOR;
  340. }
  341. else if (version == SSL2_VERSION)
  342. {
  343. version_major = SSL2_VERSION_MAJOR;
  344. version_minor = SSL2_VERSION_MINOR;
  345. }
  346. else
  347. {
  348. SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_PROTOCOLS_AVAILABLE);
  349. return(-1);
  350. }
  351. s->client_version = version;
  352. if (ssl2_compat)
  353. {
  354. /* create SSL 2.0 compatible Client Hello */
  355. /* two byte record header will be written last */
  356. d = &(buf[2]);
  357. p = d + 9; /* leave space for message type, version, individual length fields */
  358. *(d++) = SSL2_MT_CLIENT_HELLO;
  359. *(d++) = version_major;
  360. *(d++) = version_minor;
  361. /* Ciphers supported */
  362. i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),p,0);
  363. if (i == 0)
  364. {
  365. /* no ciphers */
  366. SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
  367. return -1;
  368. }
  369. s2n(i,d);
  370. p+=i;
  371. /* put in the session-id length (zero since there is no reuse) */
  372. #if 0
  373. s->session->session_id_length=0;
  374. #endif
  375. s2n(0,d);
  376. if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG)
  377. ch_len=SSL2_CHALLENGE_LENGTH;
  378. else
  379. ch_len=SSL2_MAX_CHALLENGE_LENGTH;
  380. /* write out sslv2 challenge */
  381. /* Note that ch_len must be <= SSL3_RANDOM_SIZE (32),
  382. because it is one of SSL2_MAX_CHALLENGE_LENGTH (32)
  383. or SSL2_MAX_CHALLENGE_LENGTH (16), but leave the
  384. check in for futurproofing */
  385. if (SSL3_RANDOM_SIZE < ch_len)
  386. i=SSL3_RANDOM_SIZE;
  387. else
  388. i=ch_len;
  389. s2n(i,d);
  390. memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE);
  391. if (RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i) <= 0)
  392. return -1;
  393. memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
  394. p+=i;
  395. i= p- &(buf[2]);
  396. buf[0]=((i>>8)&0xff)|0x80;
  397. buf[1]=(i&0xff);
  398. /* number of bytes to write */
  399. s->init_num=i+2;
  400. s->init_off=0;
  401. ssl3_finish_mac(s,&(buf[2]),i);
  402. }
  403. else
  404. {
  405. /* create Client Hello in SSL 3.0/TLS 1.0 format */
  406. /* do the record header (5 bytes) and handshake message header (4 bytes) last */
  407. d = p = &(buf[9]);
  408. *(p++) = version_major;
  409. *(p++) = version_minor;
  410. /* Random stuff */
  411. memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
  412. p += SSL3_RANDOM_SIZE;
  413. /* Session ID (zero since there is no reuse) */
  414. *(p++) = 0;
  415. /* Ciphers supported (using SSL 3.0/TLS 1.0 format) */
  416. i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),ssl3_put_cipher_by_char);
  417. if (i == 0)
  418. {
  419. SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
  420. return -1;
  421. }
  422. s2n(i,p);
  423. p+=i;
  424. /* COMPRESSION */
  425. #ifdef OPENSSL_NO_COMP
  426. *(p++)=1;
  427. #else
  428. if ((s->options & SSL_OP_NO_COMPRESSION)
  429. || !s->ctx->comp_methods)
  430. j=0;
  431. else
  432. j=sk_SSL_COMP_num(s->ctx->comp_methods);
  433. *(p++)=1+j;
  434. for (i=0; i<j; i++)
  435. {
  436. comp=sk_SSL_COMP_value(s->ctx->comp_methods,i);
  437. *(p++)=comp->id;
  438. }
  439. #endif
  440. *(p++)=0; /* Add the NULL method */
  441. #ifndef OPENSSL_NO_TLSEXT
  442. /* TLS extensions*/
  443. if (ssl_prepare_clienthello_tlsext(s) <= 0)
  444. {
  445. SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
  446. return -1;
  447. }
  448. if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
  449. {
  450. SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
  451. return -1;
  452. }
  453. #endif
  454. l = p-d;
  455. /* fill in 4-byte handshake header */
  456. d=&(buf[5]);
  457. *(d++)=SSL3_MT_CLIENT_HELLO;
  458. l2n3(l,d);
  459. l += 4;
  460. if (l > SSL3_RT_MAX_PLAIN_LENGTH)
  461. {
  462. SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
  463. return -1;
  464. }
  465. /* fill in 5-byte record header */
  466. d=buf;
  467. *(d++) = SSL3_RT_HANDSHAKE;
  468. *(d++) = version_major;
  469. *(d++) = version_minor; /* arguably we should send the *lowest* suported version here
  470. * (indicating, e.g., TLS 1.0 in "SSL 3.0 format") */
  471. s2n((int)l,d);
  472. /* number of bytes to write */
  473. s->init_num=p-buf;
  474. s->init_off=0;
  475. ssl3_finish_mac(s,&(buf[5]), s->init_num - 5);
  476. }
  477. s->state=SSL23_ST_CW_CLNT_HELLO_B;
  478. s->init_off=0;
  479. }
  480. /* SSL3_ST_CW_CLNT_HELLO_B */
  481. ret = ssl23_write_bytes(s);
  482. if ((ret >= 2) && s->msg_callback)
  483. {
  484. /* Client Hello has been sent; tell msg_callback */
  485. if (ssl2_compat)
  486. s->msg_callback(1, SSL2_VERSION, 0, s->init_buf->data+2, ret-2, s, s->msg_callback_arg);
  487. else
  488. s->msg_callback(1, version, SSL3_RT_HANDSHAKE, s->init_buf->data+5, ret-5, s, s->msg_callback_arg);
  489. }
  490. return ret;
  491. }
  492. static int ssl23_get_server_hello(SSL *s)
  493. {
  494. char buf[8];
  495. unsigned char *p;
  496. int i;
  497. int n;
  498. n=ssl23_read_bytes(s,7);
  499. if (n != 7) return(n);
  500. p=s->packet;
  501. memcpy(buf,p,n);
  502. if ((p[0] & 0x80) && (p[2] == SSL2_MT_SERVER_HELLO) &&
  503. (p[5] == 0x00) && (p[6] == 0x02))
  504. {
  505. #ifdef OPENSSL_NO_SSL2
  506. SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
  507. goto err;
  508. #else
  509. /* we are talking sslv2 */
  510. /* we need to clean up the SSLv3 setup and put in the
  511. * sslv2 stuff. */
  512. int ch_len;
  513. if (s->options & SSL_OP_NO_SSLv2)
  514. {
  515. SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
  516. goto err;
  517. }
  518. if (s->s2 == NULL)
  519. {
  520. if (!ssl2_new(s))
  521. goto err;
  522. }
  523. else
  524. ssl2_clear(s);
  525. if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG)
  526. ch_len=SSL2_CHALLENGE_LENGTH;
  527. else
  528. ch_len=SSL2_MAX_CHALLENGE_LENGTH;
  529. /* write out sslv2 challenge */
  530. /* Note that ch_len must be <= SSL3_RANDOM_SIZE (32), because
  531. it is one of SSL2_MAX_CHALLENGE_LENGTH (32) or
  532. SSL2_MAX_CHALLENGE_LENGTH (16), but leave the check in for
  533. futurproofing */
  534. i=(SSL3_RANDOM_SIZE < ch_len)
  535. ?SSL3_RANDOM_SIZE:ch_len;
  536. s->s2->challenge_length=i;
  537. memcpy(s->s2->challenge,
  538. &(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
  539. if (s->s3 != NULL) ssl3_free(s);
  540. if (!BUF_MEM_grow_clean(s->init_buf,
  541. SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
  542. {
  543. SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,ERR_R_BUF_LIB);
  544. goto err;
  545. }
  546. s->state=SSL2_ST_GET_SERVER_HELLO_A;
  547. if (!(s->client_version == SSL2_VERSION))
  548. /* use special padding (SSL 3.0 draft/RFC 2246, App. E.2) */
  549. s->s2->ssl2_rollback=1;
  550. /* setup the 7 bytes we have read so we get them from
  551. * the sslv2 buffer */
  552. s->rstate=SSL_ST_READ_HEADER;
  553. s->packet_length=n;
  554. s->packet= &(s->s2->rbuf[0]);
  555. memcpy(s->packet,buf,n);
  556. s->s2->rbuf_left=n;
  557. s->s2->rbuf_offs=0;
  558. /* we have already written one */
  559. s->s2->write_sequence=1;
  560. s->method=SSLv2_client_method();
  561. s->handshake_func=s->method->ssl_connect;
  562. #endif
  563. }
  564. else if (p[1] == SSL3_VERSION_MAJOR &&
  565. p[2] <= TLS1_2_VERSION_MINOR &&
  566. ((p[0] == SSL3_RT_HANDSHAKE && p[5] == SSL3_MT_SERVER_HELLO) ||
  567. (p[0] == SSL3_RT_ALERT && p[3] == 0 && p[4] == 2)))
  568. {
  569. /* we have sslv3 or tls1 (server hello or alert) */
  570. if ((p[2] == SSL3_VERSION_MINOR) &&
  571. !(s->options & SSL_OP_NO_SSLv3))
  572. {
  573. #ifdef OPENSSL_FIPS
  574. if(FIPS_mode())
  575. {
  576. SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,
  577. SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
  578. goto err;
  579. }
  580. #endif
  581. s->version=SSL3_VERSION;
  582. s->method=SSLv3_client_method();
  583. }
  584. else if ((p[2] == TLS1_VERSION_MINOR) &&
  585. !(s->options & SSL_OP_NO_TLSv1))
  586. {
  587. s->version=TLS1_VERSION;
  588. s->method=TLSv1_client_method();
  589. }
  590. else if ((p[2] == TLS1_1_VERSION_MINOR) &&
  591. !(s->options & SSL_OP_NO_TLSv1_1))
  592. {
  593. s->version=TLS1_1_VERSION;
  594. s->method=TLSv1_1_client_method();
  595. }
  596. else if ((p[2] == TLS1_2_VERSION_MINOR) &&
  597. !(s->options & SSL_OP_NO_TLSv1_2))
  598. {
  599. s->version=TLS1_2_VERSION;
  600. s->method=TLSv1_2_client_method();
  601. }
  602. else
  603. {
  604. SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
  605. goto err;
  606. }
  607. if (p[0] == SSL3_RT_ALERT && p[5] != SSL3_AL_WARNING)
  608. {
  609. /* fatal alert */
  610. void (*cb)(const SSL *ssl,int type,int val)=NULL;
  611. int j;
  612. if (s->info_callback != NULL)
  613. cb=s->info_callback;
  614. else if (s->ctx->info_callback != NULL)
  615. cb=s->ctx->info_callback;
  616. i=p[5];
  617. if (cb != NULL)
  618. {
  619. j=(i<<8)|p[6];
  620. cb(s,SSL_CB_READ_ALERT,j);
  621. }
  622. if (s->msg_callback)
  623. s->msg_callback(0, s->version, SSL3_RT_ALERT, p+5, 2, s, s->msg_callback_arg);
  624. s->rwstate=SSL_NOTHING;
  625. SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_AD_REASON_OFFSET+p[6]);
  626. goto err;
  627. }
  628. if (!ssl_init_wbio_buffer(s,1)) goto err;
  629. /* we are in this state */
  630. s->state=SSL3_ST_CR_SRVR_HELLO_A;
  631. /* put the 7 bytes we have read into the input buffer
  632. * for SSLv3 */
  633. s->rstate=SSL_ST_READ_HEADER;
  634. s->packet_length=n;
  635. if (s->s3->rbuf.buf == NULL)
  636. if (!ssl3_setup_read_buffer(s))
  637. goto err;
  638. s->packet= &(s->s3->rbuf.buf[0]);
  639. memcpy(s->packet,buf,n);
  640. s->s3->rbuf.left=n;
  641. s->s3->rbuf.offset=0;
  642. s->handshake_func=s->method->ssl_connect;
  643. }
  644. else
  645. {
  646. SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNKNOWN_PROTOCOL);
  647. goto err;
  648. }
  649. s->init_num=0;
  650. /* Since, if we are sending a ssl23 client hello, we are not
  651. * reusing a session-id */
  652. if (!ssl_get_new_session(s,0))
  653. goto err;
  654. return(SSL_connect(s));
  655. err:
  656. return(-1);
  657. }