diff options
| author | markm <markm@FreeBSD.org> | 2003-01-28 21:43:22 +0000 |
|---|---|---|
| committer | markm <markm@FreeBSD.org> | 2003-01-28 21:43:22 +0000 |
| commit | aad1d64cb5a8d9b503d9199642363dc1e92d2f9b (patch) | |
| tree | 610a51c6e3965764fb0f1629c1376e2d23afffe8 /crypto/openssl/ssl/s23_srvr.c | |
| parent | eba366e36e93f5da8ae5c744eb337c3ef6872641 (diff) | |
| download | FreeBSD-src-aad1d64cb5a8d9b503d9199642363dc1e92d2f9b.zip FreeBSD-src-aad1d64cb5a8d9b503d9199642363dc1e92d2f9b.tar.gz | |
Vendor import of OpenSSL release 0.9.7. This release includes
support for AES and OpenBSD's hardware crypto.
Diffstat (limited to 'crypto/openssl/ssl/s23_srvr.c')
| -rw-r--r-- | crypto/openssl/ssl/s23_srvr.c | 111 |
1 files changed, 31 insertions, 80 deletions
diff --git a/crypto/openssl/ssl/s23_srvr.c b/crypto/openssl/ssl/s23_srvr.c index b40bb01..c5404ca 100644 --- a/crypto/openssl/ssl/s23_srvr.c +++ b/crypto/openssl/ssl/s23_srvr.c @@ -110,17 +110,17 @@ */ #include <stdio.h> +#include "ssl_locl.h" #include <openssl/buffer.h> #include <openssl/rand.h> #include <openssl/objects.h> #include <openssl/evp.h> -#include "ssl_locl.h" static SSL_METHOD *ssl23_get_server_method(int ver); int ssl23_get_client_hello(SSL *s); static SSL_METHOD *ssl23_get_server_method(int ver) { -#ifndef NO_SSL2 +#ifndef OPENSSL_NO_SSL2 if (ver == SSL2_VERSION) return(SSLv2_server_method()); #endif @@ -139,11 +139,18 @@ SSL_METHOD *SSLv23_server_method(void) if (init) { - memcpy((char *)&SSLv23_server_data, - (char *)sslv23_base_method(),sizeof(SSL_METHOD)); - SSLv23_server_data.ssl_accept=ssl23_accept; - SSLv23_server_data.get_ssl_method=ssl23_get_server_method; - init=0; + CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); + + if (init) + { + memcpy((char *)&SSLv23_server_data, + (char *)sslv23_base_method(),sizeof(SSL_METHOD)); + SSLv23_server_data.ssl_accept=ssl23_accept; + SSLv23_server_data.get_ssl_method=ssl23_get_server_method; + init=0; + } + + CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); } return(&SSLv23_server_data); } @@ -152,7 +159,7 @@ int ssl23_accept(SSL *s) { BUF_MEM *buf; unsigned long Time=time(NULL); - void (*cb)()=NULL; + void (*cb)(const SSL *ssl,int type,int val)=NULL; int ret= -1; int new_state,state; @@ -255,13 +262,13 @@ int ssl23_get_client_hello(SSL *s) * 9/10 client_version / */ char *buf= &(buf_space[0]); - unsigned char *p,*d,*dd; + unsigned char *p,*d,*d_len,*dd; unsigned int i; unsigned int csl,sil,cl; int n=0,j; int type=0; int v[2]; -#ifndef NO_RSA +#ifndef OPENSSL_NO_RSA int use_sslv2_strong=0; #endif @@ -323,72 +330,6 @@ int ssl23_get_client_hello(SSL *s) else if (!(s->options & SSL_OP_NO_SSLv2)) type=1; - if (s->options & SSL_OP_NON_EXPORT_FIRST) - /* Not only utterly confusing, but broken - * ('fractured programming'?) -- the details - * of this block nearly make it work - * as intended in this environment, but on one - * of the fine points (w.r.t. restarts) it fails. - * The obvious fix would be even more devastating - * to program structure; if you want the functionality, - * throw this away and implement it in a way - * that makes sense */ - { -#if 0 - STACK_OF(SSL_CIPHER) *sk; - SSL_CIPHER *c; - int ne2,ne3; - - j=((p[0]&0x7f)<<8)|p[1]; - if (j > (1024*4)) - { - SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_LARGE); - goto err; - } - - n=ssl23_read_bytes(s,j+2); - if (n <= 0) return(n); - p=s->packet; - - if ((buf=OPENSSL_malloc(n)) == NULL) - { - SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,ERR_R_MALLOC_FAILURE); - goto err; - } - memcpy(buf,p,n); - - p+=5; - n2s(p,csl); - p+=4; - - sk=ssl_bytes_to_cipher_list( - s,p,csl,NULL); - if (sk != NULL) - { - ne2=ne3=0; - for (j=0; j<sk_SSL_CIPHER_num(sk); j++) - { - c=sk_SSL_CIPHER_value(sk,j); - if (!SSL_C_IS_EXPORT(c)) - { - if ((c->id>>24L) == 2L) - ne2=1; - else - ne3=1; - } - } - if (ne2 && !ne3) - { - type=1; - use_sslv2_strong=1; - goto next_bit; - } - } -#else - SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_OPTION); - goto err; -#endif - } } } else if ((p[0] == SSL3_RT_HANDSHAKE) && @@ -486,7 +427,9 @@ int ssl23_get_client_hello(SSL *s) j=ssl23_read_bytes(s,n+2); if (j <= 0) return(j); - ssl3_finish_mac(s,&(s->packet[2]),s->packet_length-2); + ssl3_finish_mac(s, s->packet+2, s->packet_length-2); + if (s->msg_callback) + s->msg_callback(0, SSL2_VERSION, 0, s->packet+2, s->packet_length-2, s, s->msg_callback_arg); /* CLIENT-HELLO */ p=s->packet; p+=5; @@ -500,6 +443,13 @@ int ssl23_get_client_hello(SSL *s) goto err; } + /* record header: msg_type ... */ + *(d++) = SSL3_MT_CLIENT_HELLO; + /* ... and length (actual value will be written later) */ + d_len = d; + d += 3; + + /* client_version */ *(d++) = SSL3_VERSION_MAJOR; /* == v[0] */ *(d++) = v[1]; @@ -530,7 +480,8 @@ int ssl23_get_client_hello(SSL *s) *(d++)=1; *(d++)=0; - i=(d-(unsigned char *)s->init_buf->data); + i = (d-(unsigned char *)s->init_buf->data) - 4; + l2n3((long)i, d_len); /* get the data reused from the init_buf */ s->s3->tmp.reuse_message=1; @@ -543,7 +494,7 @@ int ssl23_get_client_hello(SSL *s) if (type == 1) { -#ifdef NO_SSL2 +#ifdef OPENSSL_NO_SSL2 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL); goto err; #else @@ -561,7 +512,7 @@ int ssl23_get_client_hello(SSL *s) if (s->s3 != NULL) ssl3_free(s); - if (!BUF_MEM_grow(s->init_buf, + if (!BUF_MEM_grow_clean(s->init_buf, SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)) { goto err; |
