X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=ssl%2Fs23_srvr.c;h=131054b411d3efee65bff33a8aa4f99d92400ae8;hb=d88a26c4892152c326d8b4ca80a0cc59fe8c8d51;hp=9095df279334146ed0f8fec95deb31785379213d;hpb=f70df1b8870d4a0bee2769d8205d90beb5baa084;p=oweals%2Fopenssl.git diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c index 9095df2793..131054b411 100644 --- a/ssl/s23_srvr.c +++ b/ssl/s23_srvr.c @@ -67,8 +67,10 @@ static SSL_METHOD *ssl23_get_server_method(int ver); int ssl23_get_client_hello(SSL *s); static SSL_METHOD *ssl23_get_server_method(int ver) { +#ifndef OPENSSL_NO_SSL2 if (ver == SSL2_VERSION) return(SSLv2_server_method()); +#endif if (ver == SSL3_VERSION) return(SSLv3_server_method()); else if (ver == TLS1_VERSION) @@ -101,7 +103,7 @@ int ssl23_accept(SSL *s) int ret= -1; int new_state,state; - RAND_seed(&Time,sizeof(Time)); + RAND_add(&Time,sizeof(Time),0); ERR_clear_error(); clear_sys_error(); @@ -186,14 +188,29 @@ end: int ssl23_get_client_hello(SSL *s) { - char buf_space[11]; + char buf_space[11]; /* Request this many bytes in initial read. + * We can detect SSL 3.0/TLS 1.0 Client Hellos + * ('type == 3') correctly only when the following + * is in a single record, which is not guaranteed by + * the protocol specification: + * Byte Content + * 0 type \ + * 1/2 version > record header + * 3/4 length / + * 5 msg_type \ + * 6-8 length > Client Hello message + * 9/10 client_version / + */ char *buf= &(buf_space[0]); unsigned char *p,*d,*dd; unsigned int i; unsigned int csl,sil,cl; - int n=0,j,tls1=0; - int type=0,use_sslv2_strong=0; + int n=0,j; + int type=0; int v[2]; +#ifndef OPENSSL_NO_RSA + int use_sslv2_strong=0; +#endif if (s->state == SSL23_ST_SR_CLNT_HELLO_A) { @@ -202,8 +219,8 @@ int ssl23_get_client_hello(SSL *s) if (!ssl3_setup_buffers(s)) goto err; - n=ssl23_read_bytes(s,11); - if (n != 11) return(n); /* n == -1 || n == 0 */ + n=ssl23_read_bytes(s, sizeof buf_space); + if (n != sizeof buf_space) return(n); /* n == -1 || n == 0 */ p=s->packet; @@ -229,12 +246,13 @@ int ssl23_get_client_hello(SSL *s) { if (!(s->options & SSL_OP_NO_TLSv1)) { - tls1=1; + s->version=TLS1_VERSION; /* type=2; */ /* done later to survive restarts */ s->state=SSL23_ST_SR_CLNT_HELLO_B; } else if (!(s->options & SSL_OP_NO_SSLv3)) { + s->version=SSL3_VERSION; /* type=2; */ s->state=SSL23_ST_SR_CLNT_HELLO_B; } @@ -245,6 +263,7 @@ int ssl23_get_client_hello(SSL *s) } else if (!(s->options & SSL_OP_NO_SSLv3)) { + s->version=SSL3_VERSION; /* type=2; */ s->state=SSL23_ST_SR_CLNT_HELLO_B; } @@ -262,6 +281,7 @@ int ssl23_get_client_hello(SSL *s) * throw this away and implement it in a way * that makes sense */ { +#if 0 STACK_OF(SSL_CIPHER) *sk; SSL_CIPHER *c; int ne2,ne3; @@ -277,7 +297,7 @@ int ssl23_get_client_hello(SSL *s) if (n <= 0) return(n); p=s->packet; - if ((buf=Malloc(n)) == NULL) + if ((buf=OPENSSL_malloc(n)) == NULL) { SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,ERR_R_MALLOC_FAILURE); goto err; @@ -311,32 +331,56 @@ int ssl23_get_client_hello(SSL *s) goto next_bit; } } +#else + SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_OPTION); + goto err; +#endif } } } else if ((p[0] == SSL3_RT_HANDSHAKE) && (p[1] == SSL3_VERSION_MAJOR) && (p[5] == SSL3_MT_CLIENT_HELLO) && - (p[9] == p[1])) + ((p[3] == 0 && p[4] < 5 /* silly record length? */) + || (p[9] == p[1]))) { /* * SSLv3 or tls1 header */ - /* we must look at client_version inside the client hello: */ - v[0]=p[9]; v[1]=p[10]; + v[0]=p[1]; /* major version (= SSL3_VERSION_MAJOR) */ + /* We must look at client_version inside the Client Hello message + * to get the correct minor version. + * However if we have only a pathologically small fragment of the + * Client Hello message, this would be difficult, we'd have + * to read at least one additional record to find out. + * This doesn't usually happen in real life, so we just complain + * for now. + */ + if (p[3] == 0 && p[4] < 6) + { + SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_SMALL); + goto err; + } + v[1]=p[10]; /* minor version according to client_version */ if (v[1] >= TLS1_VERSION_MINOR) { if (!(s->options & SSL_OP_NO_TLSv1)) { + s->version=TLS1_VERSION; type=3; - tls1=1; } else if (!(s->options & SSL_OP_NO_SSLv3)) + { + s->version=SSL3_VERSION; type=3; + } } else if (!(s->options & SSL_OP_NO_SSLv3)) + { + s->version=SSL3_VERSION; type=3; + } } else if ((strncmp("GET ", (char *)p,4) == 0) || (strncmp("POST ",(char *)p,5) == 0) || @@ -353,15 +397,16 @@ int ssl23_get_client_hello(SSL *s) } } -next_bit: if (s->state == SSL23_ST_SR_CLNT_HELLO_B) { - /* we have a SSLv3/TLSv1 in a SSLv2 header - * (other cases skip this state)* */ + /* we have SSLv3/TLSv1 in an SSLv2 header + * (other cases skip this state) */ + type=2; p=s->packet; - v[0] = p[3]; + v[0] = p[3]; /* == SSL3_VERSION_MAJOR */ v[1] = p[4]; + n=((p[0]&0x7f)<<8)|p[1]; if (n > (1024*4)) { @@ -386,14 +431,11 @@ next_bit: goto err; } - *(d++)=SSL3_VERSION_MAJOR; - if (tls1) - *(d++)=TLS1_VERSION_MINOR; - else - *(d++)=SSL3_VERSION_MINOR; + *(d++) = SSL3_VERSION_MAJOR; /* == v[0] */ + *(d++) = v[1]; /* lets populate the random area */ - /* get the chalenge_length */ + /* get the challenge_length */ i=(cl > SSL3_RANDOM_SIZE)?SSL3_RANDOM_SIZE:cl; memset(d,0,SSL3_RANDOM_SIZE); memcpy(&(d[SSL3_RANDOM_SIZE-i]),&(p[csl+sil]),i); @@ -432,6 +474,10 @@ next_bit: if (type == 1) { +#ifdef OPENSSL_NO_SSL2 + SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL); + goto err; +#else /* we are talking sslv2 */ /* we need to clean up the SSLv3/TLSv1 setup and put in the * sslv2 stuff. */ @@ -454,9 +500,12 @@ next_bit: s->state=SSL2_ST_GET_CLIENT_HELLO_A; if ((s->options & SSL_OP_MSIE_SSLV2_RSA_PADDING) || - use_sslv2_strong) + use_sslv2_strong || + (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)) s->s2->ssl2_rollback=0; else + /* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0 + * (SSL 3.0 draft/RFC 2246, App. E.2) */ s->s2->ssl2_rollback=1; /* setup the n bytes we have read so we get them from @@ -470,6 +519,7 @@ next_bit: s->method=SSLv2_server_method(); s->handshake_func=s->method->ssl_accept; +#endif } if ((type == 2) || (type == 3)) @@ -499,16 +549,10 @@ next_bit: s->s3->rbuf.offset=0; } - if (tls1) - { - s->version=TLS1_VERSION; - s->method=TLSv1_server_method(); - } + if (s->version == TLS1_VERSION) + s->method = TLSv1_server_method(); else - { - s->version=SSL3_VERSION; - s->method=SSLv3_server_method(); - } + s->method = SSLv3_server_method(); #if 0 /* ssl3_get_client_hello does this */ s->client_version=(v[0]<<8)|v[1]; #endif @@ -523,11 +567,10 @@ next_bit: } s->init_num=0; - if (buf != buf_space) Free(buf); + if (buf != buf_space) OPENSSL_free(buf); s->first_packet=1; return(SSL_accept(s)); err: - if (buf != buf_space) Free(buf); + if (buf != buf_space) OPENSSL_free(buf); return(-1); } -