diff options
| author | Ralf S. Engelschall <rse@openssl.org> | 1998-12-21 10:56:39 +0000 |
|---|---|---|
| committer | Ralf S. Engelschall <rse@openssl.org> | 1998-12-21 10:56:39 +0000 |
| commit | 58964a492275ca9a59a0cd9c8155cb2491b4b909 (patch) | |
| tree | c7b16876a5789463bbbb468ef4829c8129b3d718 /ssl | |
| parent | d02b48c63a58ea4367a0e905979f140b7d090f86 (diff) | |
Import of old SSLeay release: SSLeay 0.9.0b
Diffstat (limited to 'ssl')
| -rw-r--r-- | ssl/Makefile.ssl | 18 | ||||
| -rw-r--r-- | ssl/bio_ssl.c | 249 | ||||
| -rw-r--r-- | ssl/s23_clnt.c | 96 | ||||
| -rw-r--r-- | ssl/s23_lib.c | 15 | ||||
| -rw-r--r-- | ssl/s23_meth.c | 8 | ||||
| -rw-r--r-- | ssl/s23_pkt.c | 2 | ||||
| -rw-r--r-- | ssl/s23_srvr.c | 107 | ||||
| -rw-r--r-- | ssl/s2_clnt.c | 25 | ||||
| -rw-r--r-- | ssl/s2_enc.c | 8 | ||||
| -rw-r--r-- | ssl/s2_lib.c | 45 | ||||
| -rw-r--r-- | ssl/s2_meth.c | 4 | ||||
| -rw-r--r-- | ssl/s2_pkt.c | 28 | ||||
| -rw-r--r-- | ssl/s2_srvr.c | 59 | ||||
| -rw-r--r-- | ssl/s3_both.c | 137 | ||||
| -rw-r--r-- | ssl/s3_clnt.c | 242 | ||||
| -rw-r--r-- | ssl/s3_enc.c | 162 | ||||
| -rw-r--r-- | ssl/s3_lib.c | 184 | ||||
| -rw-r--r-- | ssl/s3_meth.c | 6 | ||||
| -rw-r--r-- | ssl/s3_pkt.c | 262 | ||||
| -rw-r--r-- | ssl/s3_srvr.c | 278 | ||||
| -rw-r--r-- | ssl/ssl.c | 2 | ||||
| -rw-r--r-- | ssl/ssl.err | 336 | ||||
| -rw-r--r-- | ssl/ssl.h | 677 | ||||
| -rw-r--r-- | ssl/ssl2.h | 6 | ||||
| -rw-r--r-- | ssl/ssl23.h | 2 | ||||
| -rw-r--r-- | ssl/ssl3.h | 56 | ||||
| -rw-r--r-- | ssl/ssl_algs.c | 5 | ||||
| -rw-r--r-- | ssl/ssl_asn1.c | 12 | ||||
| -rw-r--r-- | ssl/ssl_cert.c | 19 | ||||
| -rw-r--r-- | ssl/ssl_ciph.c | 223 | ||||
| -rw-r--r-- | ssl/ssl_err.c | 30 | ||||
| -rw-r--r-- | ssl/ssl_err2.c | 2 | ||||
| -rw-r--r-- | ssl/ssl_lib.c | 386 | ||||
| -rw-r--r-- | ssl/ssl_locl.h | 82 | ||||
| -rw-r--r-- | ssl/ssl_rsa.c | 71 | ||||
| -rw-r--r-- | ssl/ssl_sess.c | 203 | ||||
| -rw-r--r-- | ssl/ssl_stat.c | 3 | ||||
| -rw-r--r-- | ssl/ssl_task.c | 2 | ||||
| -rw-r--r-- | ssl/ssl_txt.c | 29 | ||||
| -rw-r--r-- | ssl/ssltest.c | 234 | ||||
| -rw-r--r-- | ssl/t1_clnt.c | 90 | ||||
| -rw-r--r-- | ssl/t1_enc.c | 635 | ||||
| -rw-r--r-- | ssl/t1_lib.c | 151 | ||||
| -rw-r--r-- | ssl/t1_meth.c | 88 | ||||
| -rw-r--r-- | ssl/t1_srvr.c | 91 | ||||
| -rw-r--r-- | ssl/tls1.h | 115 |
46 files changed, 4036 insertions, 1449 deletions
diff --git a/ssl/Makefile.ssl b/ssl/Makefile.ssl index f6f40e44fc..f4b13bf83b 100644 --- a/ssl/Makefile.ssl +++ b/ssl/Makefile.ssl @@ -23,17 +23,19 @@ APPS= LIB=$(TOP)/libssl.a LIBSRC= \ - s2_meth.c s2_srvr.c s2_clnt.c s2_lib.c s2_pkt.c s2_enc.c \ - s3_meth.c s3_srvr.c s3_clnt.c s3_lib.c s3_pkt.c s3_enc.c s3_both.c \ - s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c s23_pkt.c \ + s2_meth.c s2_srvr.c s2_clnt.c s2_lib.c s2_enc.c s2_pkt.c \ + s3_meth.c s3_srvr.c s3_clnt.c s3_lib.c s3_enc.c s3_pkt.c s3_both.c \ + s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c s23_pkt.c \ + t1_meth.c t1_srvr.c t1_clnt.c t1_lib.c t1_enc.c \ ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c \ ssl_ciph.c ssl_stat.c ssl_rsa.c \ ssl_asn1.c ssl_txt.c ssl_algs.c \ bio_ssl.c $(ERRC).c LIBOBJ= \ - s2_meth.o s2_srvr.o s2_clnt.o s2_lib.o s2_pkt.o s2_enc.o \ - s3_meth.o s3_srvr.o s3_clnt.o s3_lib.o s3_pkt.o s3_enc.o s3_both.o \ - s23_meth.o s23_srvr.o s23_clnt.o s23_lib.o s23_pkt.o \ + s2_meth.o s2_srvr.o s2_clnt.o s2_lib.o s2_enc.o s2_pkt.o \ + s3_meth.o s3_srvr.o s3_clnt.o s3_lib.o s3_enc.o s3_pkt.o s3_both.o \ + s23_meth.o s23_srvr.o s23_clnt.o s23_lib.o s23_pkt.o \ + t1_meth.o t1_srvr.o t1_clnt.o t1_lib.o t1_enc.o \ ssl_lib.o ssl_err2.o ssl_cert.o ssl_sess.o \ ssl_ciph.o ssl_stat.o ssl_rsa.o \ ssl_asn1.o ssl_txt.o ssl_algs.o \ @@ -41,7 +43,7 @@ LIBOBJ= \ SRC= $(LIBSRC) -EXHEADER= ssl.h ssl2.h ssl3.h ssl23.h +EXHEADER= ssl.h ssl2.h ssl3.h ssl23.h tls1.h HEADER= $(EXHEADER) ssl_locl.h ALL= $(GENERAL) $(SRC) $(HEADER) @@ -93,6 +95,6 @@ clean: errors: perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h - perl ../crypto/err/err_genc.pl $(ERR).h $(ERRC).c + perl ../crypto/err/err_genc.pl -s $(ERR).h $(ERRC).c # DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/ssl/bio_ssl.c b/ssl/bio_ssl.c index 6c0babaf30..58a6d69b9b 100644 --- a/ssl/bio_ssl.c +++ b/ssl/bio_ssl.c @@ -1,5 +1,5 @@ /* ssl/bio_ssl.c */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written @@ -57,8 +57,10 @@ */ #include <stdio.h> +#include <stdlib.h> #include <string.h> #include <errno.h> +#include "crypto.h" #include "bio.h" #include "err.h" #include "ssl.h" @@ -79,6 +81,17 @@ static int ssl_new(); static int ssl_free(); #endif +typedef struct bio_ssl_st + { + SSL *ssl; /* The ssl handle :-) */ + /* re-negotiate every time the total number of bytes is this size */ + int num_renegotiates; + unsigned long renegotiate_count; + unsigned long byte_count; + unsigned long renegotiate_timeout; + unsigned long last_time; + } BIO_SSL; + static BIO_METHOD methods_sslp= { BIO_TYPE_SSL,"ssl", @@ -99,8 +112,17 @@ BIO_METHOD *BIO_f_ssl() static int ssl_new(bi) BIO *bi; { + BIO_SSL *bs; + + bs=(BIO_SSL *)Malloc(sizeof(BIO_SSL)); + if (bs == NULL) + { + BIOerr(BIO_F_SSL_NEW,ERR_R_MALLOC_FAILURE); + return(0); + } + memset(bs,0,sizeof(BIO_SSL)); bi->init=0; - bi->ptr=NULL; /* The SSL structure */ + bi->ptr=(char *)bs; bi->flags=0; return(1); } @@ -108,15 +130,20 @@ BIO *bi; static int ssl_free(a) BIO *a; { + BIO_SSL *bs; + if (a == NULL) return(0); - if (a->ptr != NULL) SSL_shutdown((SSL *)a->ptr); + bs=(BIO_SSL *)a->ptr; + if (bs->ssl != NULL) SSL_shutdown(bs->ssl); if (a->shutdown) { - if (a->init) SSL_free((SSL *)a->ptr); + if (a->init && (bs->ssl != NULL)) + SSL_free(bs->ssl); a->init=0; a->flags=0; - a->ptr=NULL; } + if (a->ptr != NULL) + Free(a->ptr); return(1); } @@ -126,49 +153,74 @@ char *out; int outl; { int ret=1; - int inflags,outflags; + BIO_SSL *sb; SSL *ssl; int retry_reason=0; + int r=0; if (out == NULL) return(0); - ssl=(SSL *)b->ptr; + sb=(BIO_SSL *)b->ptr; + ssl=sb->ssl; - inflags=outflags=b->flags; - - outflags&= ~(BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY); + BIO_clear_retry_flags(b); +#if 0 if (!SSL_is_init_finished(ssl)) { - ret=SSL_do_handshake(ssl); -#if 0 +/* ret=SSL_do_handshake(ssl); */ if (ret > 0) { + outflags=(BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY); ret= -1; goto end; } -#endif } - if (ret > 0) - ret=SSL_read(ssl,out,outl); +#endif +/* if (ret > 0) */ + ret=SSL_read(ssl,out,outl); switch (SSL_get_error(ssl,ret)) { case SSL_ERROR_NONE: if (ret <= 0) break; + if (sb->renegotiate_count > 0) + { + sb->byte_count+=ret; + if (sb->byte_count > sb->renegotiate_count) + { + sb->byte_count=0; + sb->num_renegotiates++; + SSL_renegotiate(ssl); + r=1; + } + } + if ((sb->renegotiate_timeout > 0) && (!r)) + { + unsigned long tm; + + tm=(unsigned long)time(NULL); + if (tm > sb->last_time+sb->renegotiate_timeout) + { + sb->last_time=tm; + sb->num_renegotiates++; + SSL_renegotiate(ssl); + } + } + break; case SSL_ERROR_WANT_READ: - outflags=(BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY); + BIO_set_retry_read(b); break; case SSL_ERROR_WANT_WRITE: - outflags=(BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY); + BIO_set_retry_write(b); break; case SSL_ERROR_WANT_X509_LOOKUP: - outflags=(BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY); + BIO_set_retry_special(b); retry_reason=BIO_RR_SSL_X509_LOOKUP; break; case SSL_ERROR_WANT_CONNECT: - outflags=(BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY); + BIO_set_retry_special(b); retry_reason=BIO_RR_CONNECT; break; case SSL_ERROR_SYSCALL: @@ -179,7 +231,6 @@ int outl; } b->retry_reason=retry_reason; - b->flags=outflags; return(ret); } @@ -188,38 +239,61 @@ BIO *b; char *out; int outl; { - int ret; - int inflags,outflags,retry_reason=0; + int ret,r=0; + int retry_reason=0; SSL *ssl; + BIO_SSL *bs; if (out == NULL) return(0); - ssl=(SSL *)b->ptr; - - inflags=outflags=b->flags; + bs=(BIO_SSL *)b->ptr; + ssl=bs->ssl; - outflags&= ~(BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY); + BIO_clear_retry_flags(b); - ret=SSL_do_handshake(ssl); - if (ret > 0) - ret=SSL_write(ssl,out,outl); +/* ret=SSL_do_handshake(ssl); + if (ret > 0) */ + ret=SSL_write(ssl,out,outl); switch (SSL_get_error(ssl,ret)) { case SSL_ERROR_NONE: if (ret <= 0) break; + if (bs->renegotiate_count > 0) + { + bs->byte_count+=ret; + if (bs->byte_count > bs->renegotiate_count) + { + bs->byte_count=0; + bs->num_renegotiates++; + SSL_renegotiate(ssl); + r=1; + } + } + if ((bs->renegotiate_timeout > 0) && (!r)) + { + unsigned long tm; + + tm=(unsigned long)time(NULL); + if (tm > bs->last_time+bs->renegotiate_timeout) + { + bs->last_time=tm; + bs->num_renegotiates++; + SSL_renegotiate(ssl); + } + } break; case SSL_ERROR_WANT_WRITE: - outflags=(BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY); + BIO_set_retry_write(b); break; case SSL_ERROR_WANT_READ: - outflags=(BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY); + BIO_set_retry_read(b); break; case SSL_ERROR_WANT_X509_LOOKUP: - outflags=(BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY); + BIO_set_retry_special(b); retry_reason=BIO_RR_SSL_X509_LOOKUP; break; case SSL_ERROR_WANT_CONNECT: - outflags=(BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY); + BIO_set_retry_special(b); retry_reason=BIO_RR_CONNECT; case SSL_ERROR_SYSCALL: case SSL_ERROR_SSL: @@ -228,7 +302,6 @@ int outl; } b->retry_reason=retry_reason; - b->flags=outflags; return(ret); } @@ -239,10 +312,14 @@ long num; char *ptr; { SSL **sslp,*ssl; + BIO_SSL *bs; BIO *dbio,*bio; long ret=1; - ssl=(SSL *)b->ptr; + bs=(BIO_SSL *)b->ptr; + ssl=bs->ssl; + if ((ssl == NULL) && (cmd != BIO_C_SET_SSL)) + return(0); switch (cmd) { case BIO_CTRL_RESET: @@ -262,7 +339,6 @@ char *ptr; else ret=1; break; - case BIO_CTRL_EOF: case BIO_CTRL_INFO: ret=0; break; @@ -272,17 +348,33 @@ char *ptr; else SSL_set_accept_state(ssl); break; + case BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT: + ret=bs->renegotiate_timeout; + if (num < 60) num=5; + bs->renegotiate_timeout=(unsigned long)num; + bs->last_time=(unsigned long)time(NULL); + break; + case BIO_C_SET_SSL_RENEGOTIATE_BYTES: + ret=bs->renegotiate_count; + if ((long)num >=512) + bs->renegotiate_count=(unsigned long)num; + break; + case BIO_C_GET_SSL_NUM_RENEGOTIATES: + ret=bs->num_renegotiates; + break; case BIO_C_SET_SSL: - ssl_free(b); + if (ssl != NULL) + ssl_free(b); b->shutdown=(int)num; - b->ptr=ptr; ssl=(SSL *)ptr; + ((BIO_SSL *)b->ptr)->ssl=ssl; bio=SSL_get_rbio(ssl); if (bio != NULL) { if (b->next_bio != NULL) BIO_push(bio,b->next_bio); b->next_bio=bio; + CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO); } b->init=1; break; @@ -292,6 +384,8 @@ char *ptr; sslp=(SSL **)ptr; *sslp=ssl; } + else + ret=0; break; case BIO_CTRL_GET_CLOSE: ret=b->shutdown; @@ -313,10 +407,10 @@ char *ptr; BIO_copy_next_retry(b); break; case BIO_CTRL_PUSH: - if (b->next_bio != NULL) + if ((b->next_bio != NULL) && (b->next_bio != ssl->rbio)) { SSL_set_bio(ssl,b->next_bio,b->next_bio); - b->next_bio->references++; + CRYPTO_add(&b->next_bio->references,1,CRYPTO_LOCK_BIO); } break; case BIO_CTRL_POP: @@ -355,13 +449,35 @@ char *ptr; break; case BIO_CTRL_DUP: dbio=(BIO *)ptr; - if (dbio->ptr != NULL) - SSL_free((SSL *)dbio->ptr); - dbio->ptr=(char *)SSL_dup(ssl); - ret=(dbio->ptr != NULL); + if (((BIO_SSL *)dbio->ptr)->ssl != NULL) + SSL_free(((BIO_SSL *)dbio->ptr)->ssl); + ((BIO_SSL *)dbio->ptr)->ssl=SSL_dup(ssl); + ((BIO_SSL *)dbio->ptr)->renegotiate_count= + ((BIO_SSL *)b->ptr)->renegotiate_count; + ((BIO_SSL *)dbio->ptr)->byte_count= + ((BIO_SSL *)b->ptr)->byte_count; + ((BIO_SSL *)dbio->ptr)->renegotiate_timeout= + ((BIO_SSL *)b->ptr)->renegotiate_timeout; + ((BIO_SSL *)dbio->ptr)->last_time= + ((BIO_SSL *)b->ptr)->last_time; + ret=(((BIO_SSL *)dbio->ptr)->ssl != NULL); + break; + case BIO_C_GET_FD: + ret=BIO_ctrl(ssl->rbio,cmd,num,ptr); + break; + case BIO_CTRL_SET_CALLBACK: + SSL_set_info_callback(ssl,(void (*)())ptr); + break; + case BIO_CTRL_GET_CALLBACK: + { + void (**fptr)(); + + fptr=(void (**)())ptr; + *fptr=SSL_get_info_callback(ssl); + } break; default: - return(0); + ret=BIO_ctrl(ssl->rbio,cmd,num,ptr); break; } return(ret); @@ -378,6 +494,42 @@ char *str; return(ret); } +BIO *BIO_new_buffer_ssl_connect(ctx) +SSL_CTX *ctx; + { + BIO *ret=NULL,*buf=NULL,*ssl=NULL; + + if ((buf=BIO_new(BIO_f_buffer())) == NULL) + return(NULL); + if ((ssl=BIO_new_ssl_connect(ctx)) == NULL) + goto err; + if ((ret=BIO_push(buf,ssl)) == NULL) + goto err; + return(ret); +err: + if (buf != NULL) BIO_free(buf); + if (ssl != NULL) BIO_free(ssl); + return(NULL); + } + +BIO *BIO_new_ssl_connect(ctx) +SSL_CTX *ctx; + { + BIO *ret=NULL,*con=NULL,*ssl=NULL; + + if ((con=BIO_new(BIO_s_connect())) == NULL) + return(NULL); + if ((ssl=BIO_new_ssl(ctx,1)) == NULL) + goto err; + if ((ret=BIO_push(ssl,con)) == NULL) + goto err; + return(ret); +err: + if (con != NULL) BIO_free(con); + if (ret != NULL) BIO_free(ret); + return(NULL); + } + BIO *BIO_new_ssl(ctx,client) SSL_CTX *ctx; int client; @@ -408,9 +560,10 @@ BIO *t,*f; f=BIO_find_type(f,BIO_TYPE_SSL); if ((t == NULL) || (f == NULL)) return(0); - if ((t->ptr == NULL) || (f->ptr == NULL)) + if ( (((BIO_SSL *)t->ptr)->ssl == NULL) || + (((BIO_SSL *)f->ptr)->ssl == NULL)) return(0); - SSL_copy_session_id((SSL *)t->ptr,(SSL *)f->ptr); + SSL_copy_session_id(((BIO_SSL *)t->ptr)->ssl,((BIO_SSL *)f->ptr)->ssl); return(1); } @@ -423,7 +576,7 @@ BIO *b; { if (b->method->type == BIO_TYPE_SSL) { - s=(SSL *)b->ptr; + s=((BIO_SSL *)b->ptr)->ssl; SSL_shutdown(s); break; } diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c index 57d3623f3f..a4661ebb68 100644 --- a/ssl/s23_clnt.c +++ b/ssl/s23_clnt.c @@ -1,5 +1,5 @@ /* ssl/s23_clnt.c */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written @@ -76,10 +76,12 @@ static int ssl23_get_server_hello(); static SSL_METHOD *ssl23_get_client_method(ver) int ver; { - if (ver == 2) + if (ver == SSL2_VERSION) return(SSLv2_client_method()); - else if (ver == 3) + else if (ver == SSL3_VERSION) return(SSLv3_client_method()); + else if (ver == TLS1_VERSION) + return(TLSv1_client_method()); else return(NULL); } @@ -111,7 +113,7 @@ SSL *s; RAND_seed((unsigned char *)&Time,sizeof(Time)); ERR_clear_error(); - errno=0; + clear_sys_error(); if (s->info_callback != NULL) cb=s->info_callback; @@ -134,7 +136,7 @@ SSL *s; if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); - s->version=3; + /* s->version=TLS1_VERSION; */ s->type=SSL_ST_CONNECT; if (s->init_buf == NULL) @@ -230,8 +232,26 @@ SSL *s; p=d+9; *(d++)=SSL2_MT_CLIENT_HELLO; - *(d++)=SSL3_VERSION_MAJOR; - *(d++)=SSL3_VERSION_MINOR; + if (!(s->options & SSL_OP_NO_TLSv1)) + { + *(d++)=TLS1_VERSION_MAJOR; + *(d++)=TLS1_VERSION_MINOR; + } + else if (!(s->options & SSL_OP_NO_SSLv3)) + { + *(d++)=SSL3_VERSION_MAJOR; + *(d++)=SSL3_VERSION_MINOR; + } + else if (!(s->options & SSL_OP_NO_SSLv2)) + { + *(d++)=SSL2_VERSION_MAJOR; + *(d++)=SSL2_VERSION_MINOR; + } + else + { + SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_PROTOCOLS_AVAILABLE); + return(-1); + } /* Ciphers supported */ i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),p); @@ -251,7 +271,7 @@ SSL *s; #endif s2n(0,d); - if (s->ctx->options & SSL_OP_NETSCAPE_CHALLENGE_BUG) + if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG) ch_len=SSL2_CHALLENGE_LENGTH; else ch_len=SSL2_MAX_CHALLENGE_LENGTH; @@ -290,7 +310,6 @@ SSL *s; unsigned char *p; int i,ch_len; int n; - BIO *bbio; n=ssl23_read_bytes(s,7); @@ -306,6 +325,11 @@ SSL *s; /* we need to clean up the SSLv3 setup and put in the * sslv2 stuff. */ + if (s->options & SSL_OP_NO_SSLv2) + { + SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL); + goto err; + } if (s->s2 == NULL) { if (!ssl2_new(s)) @@ -314,7 +338,7 @@ SSL *s; else ssl2_clear(s); - if (s->ctx->options & SSL_OP_NETSCAPE_CHALLENGE_BUG) + if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG) ch_len=SSL2_CHALLENGE_LENGTH; else ch_len=SSL2_MAX_CHALLENGE_LENGTH; @@ -355,33 +379,13 @@ SSL *s; } else if ((p[0] == SSL3_RT_HANDSHAKE) && (p[1] == SSL3_VERSION_MAJOR) && - (p[2] == SSL3_VERSION_MINOR) && + ((p[2] == SSL3_VERSION_MINOR) || + (p[2] == TLS1_VERSION_MINOR)) && (p[5] == SSL3_MT_SERVER_HELLO)) { - /* we have sslv3 */ + /* we have sslv3 or tls1 */ - if (s->bbio == NULL) - { - bbio=BIO_new(BIO_f_buffer()); - if (bbio == NULL) - { - SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,ERR_R_BUF_LIB); - goto err; - } - s->bbio=bbio; - } - else - bbio=s->bbio; - - BIO_reset(bbio); - if (!BIO_set_write_buffer_size(bbio,16*1024)) - { - SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,ERR_R_BUF_LIB); - goto err; - } - - /* start the buffering */ - s->wbio=BIO_push(s->bbio,s->wbio); + if (!ssl_init_wbio_buffer(s,1)) goto err; /* we are in this state */ s->state=SSL3_ST_CR_SRVR_HELLO_A; @@ -395,12 +399,30 @@ SSL *s; s->s3->rbuf.left=n; s->s3->rbuf.offset=0; - s->method=SSLv3_client_method(); + if ((p[2] == SSL3_VERSION_MINOR) && + !(s->options & SSL_OP_NO_SSLv3)) + { + s->version=SSL3_VERSION; + s->method=SSLv3_client_method(); + } + else if ((p[2] == TLS1_VERSION_MINOR) && + !(s->options & SSL_OP_NO_TLSv1)) + { + s->version=TLS1_VERSION; + s->method=TLSv1_client_method(); + } + else + { + SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL); + goto err; + } + s->handshake_func=s->method->ssl_connect; } else if ((p[0] == SSL3_RT_ALERT) && (p[1] == SSL3_VERSION_MAJOR) && - (p[2] == SSL3_VERSION_MINOR) && + ((p[2] == SSL3_VERSION_MINOR) || + (p[2] == TLS1_VERSION_MINOR)) && (p[3] == 0) && (p[4] == 2)) { @@ -421,7 +443,7 @@ SSL *s; } s->rwstate=SSL_NOTHING; - SSLerr(SSL_F_SSL3_READ_BYTES,1000+p[6]); + SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,1000+p[6]); goto err; } else diff --git a/ssl/s23_lib.c b/ssl/s23_lib.c index ff19adc119..e16f641101 100644 --- a/ssl/s23_lib.c +++ b/ssl/s23_lib.c @@ -1,5 +1,5 @@ /* ssl/s23_lib.c */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written @@ -81,10 +81,10 @@ static SSL_CIPHER *ssl23_get_cipher_by_char(); char *SSL23_version_str="SSLv2/3 compatablity part of SSLeay 0.7.0 30-Jan-1997"; static SSL_METHOD SSLv23_data= { - 3, - ssl3_new, - ssl3_clear, - ssl3_free, + TLS1_VERSION, + tls1_new, + tls1_clear, + tls1_free, ssl_undefined_function, ssl_undefined_function, ssl23_read, @@ -101,6 +101,7 @@ static SSL_METHOD SSLv23_data= { ssl23_get_cipher, ssl_bad_method, ssl23_default_timeout, + &ssl3_undef_enc_method, }; static long ssl23_default_timeout() @@ -179,7 +180,7 @@ int len; return(0); } #endif - errno=0; + clear_sys_error(); if (SSL_in_init(s) && (!s->in_handshake)) { n=s->handshake_func(s); @@ -212,7 +213,7 @@ int len; return(0); } #endif - errno=0; + clear_sys_error(); if (SSL_in_init(s) && (!s->in_handshake)) { n=s->handshake_func(s); diff --git a/ssl/s23_meth.c b/ssl/s23_meth.c index dbe282bfd0..1eed7a54bc 100644 --- a/ssl/s23_meth.c +++ b/ssl/s23_meth.c @@ -1,5 +1,5 @@ /* ssl/s23_meth.c */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written @@ -63,10 +63,12 @@ static SSL_METHOD *ssl23_get_method(ver) int ver; { - if (ver == 2) + if (ver == SSL2_VERSION) return(SSLv23_method()); - else if (ver == 3) + else if (ver == SSL3_VERSION) return(SSLv3_method()); + else if (ver == TLS1_VERSION) + return(TLSv1_method()); else return(NULL); } diff --git a/ssl/s23_pkt.c b/ssl/s23_pkt.c index e9b2add0b8..c25c312772 100644 --- a/ssl/s23_pkt.c +++ b/ssl/s23_pkt.c @@ -1,5 +1,5 @@ /* ssl/s23_pkt.c */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c index 398f005821..c7b9ecbcf2 100644 --- a/ssl/s23_srvr.c +++ b/ssl/s23_srvr.c @@ -1,5 +1,5 @@ /* ssl/s23_srvr.c */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written @@ -74,10 +74,12 @@ int ssl23_get_client_hello(); static SSL_METHOD *ssl23_get_server_method(ver) int ver; { - if (ver == 2) + if (ver == SSL2_VERSION) return(SSLv2_server_method());< |