generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Don't use the SSL 2.0 Client Hello format if SSL 2.0 is disabled

Browse Source 
with the SSL_OP_NO_SSLv2 option.
This commit is contained in:
Bodo Möller 2005-05-11 18:25:49 +00:00
parent 4b26fe30de
commit c6c2e3135d
8 changed files with 181 additions and 64 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
CHANGES
View File

@ -2,7 +2,7 @@
OpenSSL CHANGES
_______________
Changes between 0.9.7g and 0.9.8 [xx XXX xxxx]
Changes between 0.9.7h and 0.9.8 [xx XXX xxxx]
*) Add new functionality to the bn blinding code:
- automatic re-creation of the BN_BLINDING parameters after
@ -794,6 +794,13 @@
Changes between 0.9.7g and 0.9.7h [XX xxx XXXX]
*) Change the client implementation for SSLv23_method() and
SSLv23_client_method() so that is uses the SSL 3.0/TLS 1.0
Client Hello message format if the SSL_OP_NO_SSLv2 option is set.
(Previously, the SSL 2.0 backwards compatible Client Hello
message format would be used even with SSL_OP_NO_SSLv2.)
[Bodo Moeller]
*) Add support for smime-type MIME parameter in S/MIME messages which some
clients need.
[Steve Henson]

2
ssl/d1_clnt.c
View File

@ -597,7 +597,7 @@ int dtls1_client_hello(SSL *s)
p += s->d1->cookie_len;
/* Ciphers supported */
i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]));
i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),0);
if (i == 0)
{
SSLerr(SSL_F_DTLS1_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);

219
ssl/s23_clnt.c
View File

@ -220,9 +220,28 @@ static int ssl23_client_hello(SSL *s)
{
unsigned char *buf;
unsigned char *p,*d;
int i,ch_len;
int i,j,ch_len;
unsigned long Time,l;
int ssl2_compat;
int version = 0, version_major, version_minor;
SSL_COMP *comp;
int ret;
ssl2_compat = (s->options & SSL_OP_NO_SSLv2) ? 0 : 1;
if (!(s->options & SSL_OP_NO_TLSv1))
{
version = TLS1_VERSION;
}
else if (!(s->options & SSL_OP_NO_SSLv3))
{
version = SSL3_VERSION;
}
else if (!(s->options & SSL_OP_NO_SSLv2))
{
version = SSL2_VERSION;
}
buf=(unsigned char *)s->init_buf->data;
if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
{
@ -235,31 +254,25 @@ static int ssl23_client_hello(SSL *s)
#endif
p=s->s3->client_random;
if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE) <= 0)
Time=time(NULL); /* Time */
l2n(Time,p);
if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
return -1;
/* Do the message type and length last */
d= &(buf[2]);
p=d+9;
*(d++)=SSL2_MT_CLIENT_HELLO;
if (!(s->options & SSL_OP_NO_TLSv1))
if (version == TLS1_VERSION)
{
*(d++)=TLS1_VERSION_MAJOR;
*(d++)=TLS1_VERSION_MINOR;
s->client_version=TLS1_VERSION;
version_major = TLS1_VERSION_MAJOR;
version_minor = TLS1_VERSION_MINOR;
}
else if (!(s->options & SSL_OP_NO_SSLv3))
else if (version == SSL3_VERSION)
{
*(d++)=SSL3_VERSION_MAJOR;
*(d++)=SSL3_VERSION_MINOR;
s->client_version=SSL3_VERSION;
version_major = SSL3_VERSION_MAJOR;
version_minor = SSL3_VERSION_MINOR;
}
else if (!(s->options & SSL_OP_NO_SSLv2))
else if (version == SSL2_VERSION)
{
*(d++)=SSL2_VERSION_MAJOR;
*(d++)=SSL2_VERSION_MINOR;
s->client_version=SSL2_VERSION;
version_major = SSL2_VERSION_MAJOR;
version_minor = SSL2_VERSION_MINOR;
}
else
{
@ -267,59 +280,153 @@ static int ssl23_client_hello(SSL *s)
return(-1);
}
/* Ciphers supported */
i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),p);
if (i == 0)
s->client_version = version;
if (ssl2_compat)
{
/* no ciphers */
SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
return(-1);
}
s2n(i,d);
p+=i;
/* create SSL 2.0 compatible Client Hello */
/* put in the session-id, zero since there is no
* reuse. */
/* two byte record header will be written last */
d = &(buf[2]);
p = d + 9; /* leave space for message type, version, individual length fields */
*(d++) = SSL2_MT_CLIENT_HELLO;
*(d++) = version_major;
*(d++) = version_minor;
/* Ciphers supported */
i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),p,0);
if (i == 0)
{
/* no ciphers */
SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
return -1;
}
s2n(i,d);
p+=i;
/* put in the session-id length (zero since there is no reuse) */
#if 0
s->session->session_id_length=0;
s->session->session_id_length=0;
#endif
s2n(0,d);
s2n(0,d);
if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG)
ch_len=SSL2_CHALLENGE_LENGTH;
if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG)
ch_len=SSL2_CHALLENGE_LENGTH;
else
ch_len=SSL2_MAX_CHALLENGE_LENGTH;
/* write out sslv2 challenge */
if (SSL3_RANDOM_SIZE < ch_len)
i=SSL3_RANDOM_SIZE;
else
i=ch_len;
s2n(i,d);
memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE);
if (RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i) <= 0)
return -1;
memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
p+=i;
i= p- &(buf[2]);
buf[0]=((i>>8)&0xff)|0x80;
buf[1]=(i&0xff);
/* number of bytes to write */
s->init_num=i+2;
s->init_off=0;
ssl3_finish_mac(s,&(buf[2]),i);
}
else
ch_len=SSL2_MAX_CHALLENGE_LENGTH;
{
/* create Client Hello in SSL 3.0/TLS 1.0 format */
/* write out sslv2 challenge */
if (SSL3_RANDOM_SIZE < ch_len)
i=SSL3_RANDOM_SIZE;
else
i=ch_len;
s2n(i,d);
memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE);
if (RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i) <= 0)
return -1;
/* do the record header (5 bytes) and handshake message header (4 bytes) last */
d = p = &(buf[9]);
*(p++) = version_major;
*(p++) = version_minor;
memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
p+=i;
/* Random stuff */
memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
p += SSL3_RANDOM_SIZE;
i= p- &(buf[2]);
buf[0]=((i>>8)&0xff)|0x80;
buf[1]=(i&0xff);
/* Session ID (zero since there is no reuse) */
*(p++) = 0;
/* Ciphers supported (using SSL 3.0/TLS 1.0 format) */
i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),ssl3_put_cipher_by_char);
if (i == 0)
{
SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
return -1;
}
s2n(i,p);
p+=i;
/* COMPRESSION */
if (s->ctx->comp_methods == NULL)
j=0;
else
j=sk_SSL_COMP_num(s->ctx->comp_methods);
*(p++)=1+j;
for (i=0; i<j; i++)
{
comp=sk_SSL_COMP_value(s->ctx->comp_methods,i);
*(p++)=comp->id;
}
*(p++)=0; /* Add the NULL method */
l = p-d;
*p = 42;
/* fill in 4-byte handshake header */
d=&(buf[5]);
*(d++)=SSL3_MT_CLIENT_HELLO;
l2n3(l,d);
l += 4;
if (l > SSL3_RT_MAX_PLAIN_LENGTH)
{
SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
return -1;
}
/* fill in 5-byte record header */
d=buf;
*(d++) = SSL3_RT_HANDSHAKE;
*(d++) = version_major;
*(d++) = version_minor; /* arguably we should send the *lowest* suported version here
* (indicating, e.g., TLS 1.0 in "SSL 3.0 format") */
s2n((int)l,d);
/* number of bytes to write */
s->init_num=p-buf;
s->init_off=0;
ssl3_finish_mac(s,&(buf[5]), s->init_num - 5);
}
s->state=SSL23_ST_CW_CLNT_HELLO_B;
/* number of bytes to write */
s->init_num=i+2;
s->init_off=0;
ssl3_finish_mac(s,&(buf[2]),i);
}
/* SSL3_ST_CW_CLNT_HELLO_B */
ret = ssl23_write_bytes(s);
if (ret >= 2)
if (s->msg_callback)
s->msg_callback(1, SSL2_VERSION, 0, s->init_buf->data+2, ret-2, s, s->msg_callback_arg); /* CLIENT-HELLO */
if ((ret >= 2) && s->msg_callback)
{
/* Client Hello has been sent; tell msg_callback */
if (ssl2_compat)
s->msg_callback(1, version, 0, s->init_buf->data+2, ret-2, s, s->msg_callback_arg);
else
s->msg_callback(1, version, SSL3_RT_HANDSHAKE, s->init_buf->data+5, ret-5, s, s->msg_callback_arg);
}
return ret;
}

2
ssl/s2_clnt.c
View File

@ -584,7 +584,7 @@ static int client_hello(SSL *s)
s2n(SSL2_VERSION,p); /* version */
n=j=0;
n=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),d);
n=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),d,0);
d+=n;
if (n == 0)

2
ssl/s2_srvr.c
View File

@ -797,7 +797,7 @@ static int server_hello(SSL *s)
/* lets send out the ciphers we like in the
* prefered order */
sk= s->session->ciphers;
n=ssl_cipher_list_to_bytes(s,s->session->ciphers,d);
n=ssl_cipher_list_to_bytes(s,s->session->ciphers,d,0);
d+=n;
s2n(n,p); /* add cipher length */
}

2
ssl/s3_clnt.c
View File

@ -584,7 +584,7 @@ int ssl3_client_hello(SSL *s)
}
/* Ciphers supported */
i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]));
i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),0);
if (i == 0)
{
SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);

6
ssl/ssl_lib.c
View File

@ -1204,7 +1204,8 @@ char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
return(buf);
}
int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p)
int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
int (*put_cb)(const SSL_CIPHER *, unsigned char *))
{
int i,j=0;
SSL_CIPHER *c;
@ -1223,7 +1224,8 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p)
if ((c->algorithms & SSL_KRB5) && nokrb5)
continue;
#endif /* OPENSSL_NO_KRB5 */
j=ssl_put_cipher_by_char(s,c,p);
j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p);
p+=j;
}
return(p-q);

3
ssl/ssl_locl.h
View File

@ -527,7 +527,8 @@ int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
const SSL_CIPHER * const *bp);
STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
STACK_OF(SSL_CIPHER) **skp);
int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p);
int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
int (*put_cb)(const SSL_CIPHER *, unsigned char *));
STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,
STACK_OF(SSL_CIPHER) **pref,
STACK_OF(SSL_CIPHER) **sorted,