From 00c1c6cb28caf9df47419cd90c53f97893bbfd22 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Bodo=20M=C3=B6ller?= Date: Wed, 11 May 2005 18:26:08 +0000 Subject: [PATCH] PR:Don't use the SSL 2.0 Client Hello format if SSL 2.0 is disabled with the SSL_OP_NO_SSLv2 option. --- CHANGES | 7 ++ ssl/s23_clnt.c | 223 ++++++++++++++++++++++++++++++++++++------------- ssl/s2_clnt.c | 2 +- ssl/s2_srvr.c | 2 +- ssl/s3_clnt.c | 2 +- ssl/ssl_lib.c | 6 +- ssl/ssl_locl.h | 3 +- 7 files changed, 181 insertions(+), 64 deletions(-) diff --git a/CHANGES b/CHANGES index 12116187d6..82b24f052d 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,13 @@ Changes between 0.9.7g and 0.9.7h [XX xxx XXXX] + *) Change the client implementation for SSLv23_method() and + SSLv23_client_method() so that is uses the SSL 3.0/TLS 1.0 + Client Hello message format if the SSL_OP_NO_SSLv2 option is set. + (Previously, the SSL 2.0 backwards compatible Client Hello + message format would be used even with SSL_OP_NO_SSLv2.) + [Bodo Moeller] + *) Add support for smime-type MIME parameter in S/MIME messages which some clients need. [Steve Henson] diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c index 779e94a35c..b72d0ee258 100644 --- a/ssl/s23_clnt.c +++ b/ssl/s23_clnt.c @@ -220,9 +220,28 @@ static int ssl23_client_hello(SSL *s) { unsigned char *buf; unsigned char *p,*d; - int i,ch_len; + int i,j,ch_len; + unsigned long Time,l; + int ssl2_compat; + int version = 0, version_major, version_minor; + SSL_COMP *comp; int ret; + ssl2_compat = (s->options & SSL_OP_NO_SSLv2) ? 0 : 1; + + if (!(s->options & SSL_OP_NO_TLSv1)) + { + version = TLS1_VERSION; + } + else if (!(s->options & SSL_OP_NO_SSLv3)) + { + version = SSL3_VERSION; + } + else if (!(s->options & SSL_OP_NO_SSLv2)) + { + version = SSL2_VERSION; + } + buf=(unsigned char *)s->init_buf->data; if (s->state == SSL23_ST_CW_CLNT_HELLO_A) { @@ -235,19 +254,15 @@ static int ssl23_client_hello(SSL *s) #endif p=s->s3->client_random; - if(RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE) <= 0) - return -1; - - /* Do the message type and length last */ - d= &(buf[2]); - p=d+9; + Time=time(NULL); /* Time */ + l2n(Time,p); + if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0) + return -1; - *(d++)=SSL2_MT_CLIENT_HELLO; - if (!(s->options & SSL_OP_NO_TLSv1)) + if (version == TLS1_VERSION) { - *(d++)=TLS1_VERSION_MAJOR; - *(d++)=TLS1_VERSION_MINOR; - s->client_version=TLS1_VERSION; + version_major = TLS1_VERSION_MAJOR; + version_minor = TLS1_VERSION_MINOR; } #ifdef OPENSSL_FIPS else if(FIPS_mode()) @@ -257,17 +272,15 @@ static int ssl23_client_hello(SSL *s) return -1; } #endif - else if (!(s->options & SSL_OP_NO_SSLv3)) + else if (version == SSL3_VERSION) { - *(d++)=SSL3_VERSION_MAJOR; - *(d++)=SSL3_VERSION_MINOR; - s->client_version=SSL3_VERSION; + version_major = SSL3_VERSION_MAJOR; + version_minor = SSL3_VERSION_MINOR; } - else if (!(s->options & SSL_OP_NO_SSLv2)) + else if (version == SSL2_VERSION) { - *(d++)=SSL2_VERSION_MAJOR; - *(d++)=SSL2_VERSION_MINOR; - s->client_version=SSL2_VERSION; + version_major = SSL2_VERSION_MAJOR; + version_minor = SSL2_VERSION_MINOR; } else { @@ -275,59 +288,153 @@ static int ssl23_client_hello(SSL *s) return(-1); } - /* Ciphers supported */ - i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),p); - if (i == 0) + s->client_version = version; + + if (ssl2_compat) { - /* no ciphers */ - SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE); - return(-1); - } - s2n(i,d); - p+=i; + /* create SSL 2.0 compatible Client Hello */ + + /* two byte record header will be written last */ + d = &(buf[2]); + p = d + 9; /* leave space for message type, version, individual length fields */ - /* put in the session-id, zero since there is no - * reuse. */ + *(d++) = SSL2_MT_CLIENT_HELLO; + *(d++) = version_major; + *(d++) = version_minor; + + /* Ciphers supported */ + i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),p,0); + if (i == 0) + { + /* no ciphers */ + SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE); + return -1; + } + s2n(i,d); + p+=i; + + /* put in the session-id length (zero since there is no reuse) */ #if 0 - s->session->session_id_length=0; + s->session->session_id_length=0; #endif - s2n(0,d); - - if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG) - ch_len=SSL2_CHALLENGE_LENGTH; + s2n(0,d); + + if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG) + ch_len=SSL2_CHALLENGE_LENGTH; + else + ch_len=SSL2_MAX_CHALLENGE_LENGTH; + + /* write out sslv2 challenge */ + if (SSL3_RANDOM_SIZE < ch_len) + i=SSL3_RANDOM_SIZE; + else + i=ch_len; + s2n(i,d); + memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE); + if (RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i) <= 0) + return -1; + + memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i); + p+=i; + + i= p- &(buf[2]); + buf[0]=((i>>8)&0xff)|0x80; + buf[1]=(i&0xff); + + /* number of bytes to write */ + s->init_num=i+2; + s->init_off=0; + + ssl3_finish_mac(s,&(buf[2]),i); + } else - ch_len=SSL2_MAX_CHALLENGE_LENGTH; + { + /* create Client Hello in SSL 3.0/TLS 1.0 format */ - /* write out sslv2 challenge */ - if (SSL3_RANDOM_SIZE < ch_len) - i=SSL3_RANDOM_SIZE; - else - i=ch_len; - s2n(i,d); - memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE); - if(RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i) <= 0) - return -1; + /* do the record header (5 bytes) and handshake message header (4 bytes) last */ + d = p = &(buf[9]); + + *(p++) = version_major; + *(p++) = version_minor; + + /* Random stuff */ + memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE); + p += SSL3_RANDOM_SIZE; + + /* Session ID (zero since there is no reuse) */ + *(p++) = 0; + + /* Ciphers supported (using SSL 3.0/TLS 1.0 format) */ + i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),ssl3_put_cipher_by_char); + if (i == 0) + { + SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE); + return -1; + } + s2n(i,p); + p+=i; + + /* COMPRESSION */ + if (s->ctx->comp_methods == NULL) + j=0; + else + j=sk_SSL_COMP_num(s->ctx->comp_methods); + *(p++)=1+j; + for (i=0; ictx->comp_methods,i); + *(p++)=comp->id; + } + *(p++)=0; /* Add the NULL method */ + + l = p-d; + *p = 42; - memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i); - p+=i; + /* fill in 4-byte handshake header */ + d=&(buf[5]); + *(d++)=SSL3_MT_CLIENT_HELLO; + l2n3(l,d); - i= p- &(buf[2]); - buf[0]=((i>>8)&0xff)|0x80; - buf[1]=(i&0xff); + l += 4; + + if (l > SSL3_RT_MAX_PLAIN_LENGTH) + { + SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR); + return -1; + } + + /* fill in 5-byte record header */ + d=buf; + *(d++) = SSL3_RT_HANDSHAKE; + *(d++) = version_major; + *(d++) = version_minor; /* arguably we should send the *lowest* suported version here + * (indicating, e.g., TLS 1.0 in "SSL 3.0 format") */ + s2n((int)l,d); + + /* number of bytes to write */ + s->init_num=p-buf; + s->init_off=0; + + ssl3_finish_mac(s,&(buf[5]), s->init_num - 5); + } s->state=SSL23_ST_CW_CLNT_HELLO_B; - /* number of bytes to write */ - s->init_num=i+2; s->init_off=0; - - ssl3_finish_mac(s,&(buf[2]),i); } /* SSL3_ST_CW_CLNT_HELLO_B */ ret = ssl23_write_bytes(s); - if (ret >= 2) - if (s->msg_callback) - s->msg_callback(1, SSL2_VERSION, 0, s->init_buf->data+2, ret-2, s, s->msg_callback_arg); /* CLIENT-HELLO */ + + if ((ret >= 2) && s->msg_callback) + { + /* Client Hello has been sent; tell msg_callback */ + + if (ssl2_compat) + s->msg_callback(1, version, 0, s->init_buf->data+2, ret-2, s, s->msg_callback_arg); + else + s->msg_callback(1, version, SSL3_RT_HANDSHAKE, s->init_buf->data+5, ret-5, s, s->msg_callback_arg); + } + return ret; } diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c index c67829f495..f22d6c0028 100644 --- a/ssl/s2_clnt.c +++ b/ssl/s2_clnt.c @@ -584,7 +584,7 @@ static int client_hello(SSL *s) s2n(SSL2_VERSION,p); /* version */ n=j=0; - n=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),d); + n=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),d,0); d+=n; if (n == 0) diff --git a/ssl/s2_srvr.c b/ssl/s2_srvr.c index 853871f28c..94aec664e1 100644 --- a/ssl/s2_srvr.c +++ b/ssl/s2_srvr.c @@ -797,7 +797,7 @@ static int server_hello(SSL *s) /* lets send out the ciphers we like in the * prefered order */ sk= s->session->ciphers; - n=ssl_cipher_list_to_bytes(s,s->session->ciphers,d); + n=ssl_cipher_list_to_bytes(s,s->session->ciphers,d,0); d+=n; s2n(n,p); /* add cipher length */ } diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 0969476b25..9181fd81de 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -567,7 +567,7 @@ static int ssl3_client_hello(SSL *s) } /* Ciphers supported */ - i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2])); + i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),0); if (i == 0) { SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE); diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 31cb207ed2..f1ded07c46 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1181,7 +1181,8 @@ char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len) return(buf); } -int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p) +int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p, + int (*put_cb)(const SSL_CIPHER *, unsigned char *)) { int i,j=0; SSL_CIPHER *c; @@ -1200,7 +1201,8 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p) if ((c->algorithms & SSL_KRB5) && nokrb5) continue; #endif /* OPENSSL_NO_KRB5 */ - j=ssl_put_cipher_by_char(s,c,p); + + j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p); p+=j; } return(p-q); diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 79cee72b77..6a0b7595f4 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -493,7 +493,8 @@ int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap, const SSL_CIPHER * const *bp); STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num, STACK_OF(SSL_CIPHER) **skp); -int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p); +int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p, + int (*put_cb)(const SSL_CIPHER *, unsigned char *)); STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth, STACK_OF(SSL_CIPHER) **pref, STACK_OF(SSL_CIPHER) **sorted, -- 2.25.1