Don't use the SSL 2.0 Client Hello format if SSL 2.0 is disabled

author Bodo Möller <bodo@openssl.org>

Wed, 11 May 2005 18:25:49 +0000 (18:25 +0000)

committer Bodo Möller <bodo@openssl.org>

Wed, 11 May 2005 18:25:49 +0000 (18:25 +0000)
author Bodo Möller <bodo@openssl.org>
Wed, 11 May 2005 18:25:49 +0000 (18:25 +0000)
committer Bodo Möller <bodo@openssl.org>
Wed, 11 May 2005 18:25:49 +0000 (18:25 +0000)
diff --git a/CHANGES b/CHANGES

index 96ff52c52a580424767993d5dd3d4faf82273d09..0be0a88e1b7c087c6398974e6053060a2cb65b93 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -2,7 +2,7 @@
   OpenSSL CHANGES
   _______________
  
   OpenSSL CHANGES
   _______________
  
- Changes between 0.9.7g and 0.9.8  [xx XXX xxxx]
+ Changes between 0.9.7h and 0.9.8  [xx XXX xxxx]
  
    *) Add new functionality to the bn blinding code:
       - automatic re-creation of the BN_BLINDING parameters after
  
    *) Add new functionality to the bn blinding code:
       - automatic re-creation of the BN_BLINDING parameters after
@@ -794,6 +794,13 @@
  
   Changes between 0.9.7g and 0.9.7h  [XX xxx XXXX]
  
  
   Changes between 0.9.7g and 0.9.7h  [XX xxx XXXX]
  
+  *) Change the client implementation for SSLv23_method() and
+     SSLv23_client_method() so that is uses the SSL 3.0/TLS 1.0
+     Client Hello message format if the SSL_OP_NO_SSLv2 option is set.
+     (Previously, the SSL 2.0 backwards compatible Client Hello
+     message format would be used even with SSL_OP_NO_SSLv2.)
+     [Bodo Moeller]
+
    *) Add support for smime-type MIME parameter in S/MIME messages which some
       clients need.
       [Steve Henson]
    *) Add support for smime-type MIME parameter in S/MIME messages which some
       clients need.
       [Steve Henson]
diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c

index d2340c8a3e02dc1132f4d99dfeb86cef5ae37db1..bcf5ebbd3ed737dbfac91f52bd63970e64414787 100644 (file)
--- a/ssl/d1_clnt.c
+++ b/ssl/d1_clnt.c
@@ -597,7 +597,7 @@ int dtls1_client_hello(SSL *s)
                 p += s->d1->cookie_len;
  
                 /* Ciphers supported */
                 p += s->d1->cookie_len;
  
                 /* Ciphers supported */
-               i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]));
+               i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),0);
                 if (i == 0)
                         {
                         SSLerr(SSL_F_DTLS1_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
                 if (i == 0)
                         {
                         SSLerr(SSL_F_DTLS1_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c

index 3384fb765e3ef4d2951c6ee0d3cc6557fbda20b8..c951573db33ddf23718082c19d43a0302419eb43 100644 (file)
--- a/ssl/s23_clnt.c
+++ b/ssl/s23_clnt.c
@@ -220,9 +220,28 @@ static int ssl23_client_hello(SSL *s)
         {
         unsigned char *buf;
         unsigned char *p,*d;
         {
         unsigned char *buf;
         unsigned char *p,*d;
-       int i,ch_len;
+       int i,j,ch_len;
+       unsigned long Time,l;
+       int ssl2_compat;
+       int version = 0, version_major, version_minor;
+       SSL_COMP *comp;
         int ret;
  
         int ret;
  
+       ssl2_compat = (s->options & SSL_OP_NO_SSLv2) ? 0 : 1;
+
+       if (!(s->options & SSL_OP_NO_TLSv1))
+               {
+               version = TLS1_VERSION;
+               }
+       else if (!(s->options & SSL_OP_NO_SSLv3))
+               {
+               version = SSL3_VERSION;
+               }
+       else if (!(s->options & SSL_OP_NO_SSLv2))
+               {
+               version = SSL2_VERSION;
+               }
+
         buf=(unsigned char *)s->init_buf->data;
         if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
                 {
         buf=(unsigned char *)s->init_buf->data;
         if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
                 {
@@ -235,31 +254,25 @@ static int ssl23_client_hello(SSL *s)
  #endif
  
                 p=s->s3->client_random;
  #endif
  
                 p=s->s3->client_random;
-               if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE) <= 0)
+               Time=time(NULL);                        /* Time */
+               l2n(Time,p);
+               if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
                         return -1;
  
                         return -1;
  
-               /* Do the message type and length last */
-               d= &(buf[2]);
-               p=d+9;
-
-               *(d++)=SSL2_MT_CLIENT_HELLO;
-               if (!(s->options & SSL_OP_NO_TLSv1))
+               if (version == TLS1_VERSION)
                         {
                         {
-                       *(d++)=TLS1_VERSION_MAJOR;
-                       *(d++)=TLS1_VERSION_MINOR;
-                       s->client_version=TLS1_VERSION;
+                       version_major = TLS1_VERSION_MAJOR;
+                       version_minor = TLS1_VERSION_MINOR;
                         }
                         }
-               else if (!(s->options & SSL_OP_NO_SSLv3))
+               else if (version == SSL3_VERSION)
                         {
                         {
-                       *(d++)=SSL3_VERSION_MAJOR;
-                       *(d++)=SSL3_VERSION_MINOR;
-                       s->client_version=SSL3_VERSION;
+                       version_major = SSL3_VERSION_MAJOR;
+                       version_minor = SSL3_VERSION_MINOR;
                         }
                         }
-               else if (!(s->options & SSL_OP_NO_SSLv2))
+               else if (version == SSL2_VERSION)
                         {
                         {
-                       *(d++)=SSL2_VERSION_MAJOR;
-                       *(d++)=SSL2_VERSION_MINOR;
-                       s->client_version=SSL2_VERSION;
+                       version_major = SSL2_VERSION_MAJOR;
+                       version_minor = SSL2_VERSION_MINOR;
                         }
                 else
                         {
                         }
                 else
                         {
@@ -267,59 +280,153 @@ static int ssl23_client_hello(SSL *s)
                         return(-1);
                         }
  
                         return(-1);
                         }
  
-               /* Ciphers supported */
-               i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),p);
-               if (i == 0)
+               s->client_version = version;
+
+               if (ssl2_compat)
                         {
                         {
-                       /* no ciphers */
-                       SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
-                       return(-1);
-                       }
-               s2n(i,d);
-               p+=i;
+                       /* create SSL 2.0 compatible Client Hello */
  
  
-               /* put in the session-id, zero since there is no
-                * reuse. */
+                       /* two byte record header will be written last */
+                       d = &(buf[2]);
+                       p = d + 9; /* leave space for message type, version, individual length fields */
+
+                       *(d++) = SSL2_MT_CLIENT_HELLO;
+                       *(d++) = version_major;
+                       *(d++) = version_minor;
+                       
+                       /* Ciphers supported */
+                       i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),p,0);
+                       if (i == 0)
+                               {
+                               /* no ciphers */
+                               SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
+                               return -1;
+                               }
+                       s2n(i,d);
+                       p+=i;
+                       
+                       /* put in the session-id length (zero since there is no reuse) */
  #if 0
  #if 0
-               s->session->session_id_length=0;
+                       s->session->session_id_length=0;
  #endif
  #endif
-               s2n(0,d);
-
-               if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG)
-                       ch_len=SSL2_CHALLENGE_LENGTH;
+                       s2n(0,d);
+
+                       if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG)
+                               ch_len=SSL2_CHALLENGE_LENGTH;
+                       else
+                               ch_len=SSL2_MAX_CHALLENGE_LENGTH;
+
+                       /* write out sslv2 challenge */
+                       if (SSL3_RANDOM_SIZE < ch_len)
+                               i=SSL3_RANDOM_SIZE;
+                       else
+                               i=ch_len;
+                       s2n(i,d);
+                       memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE);
+                       if (RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i) <= 0)
+                               return -1;
+
+                       memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
+                       p+=i;
+
+                       i= p- &(buf[2]);
+                       buf[0]=((i>>8)&0xff)|0x80;
+                       buf[1]=(i&0xff);
+
+                       /* number of bytes to write */
+                       s->init_num=i+2;
+                       s->init_off=0;
+
+                       ssl3_finish_mac(s,&(buf[2]),i);
+                       }
                 else
                 else
-                       ch_len=SSL2_MAX_CHALLENGE_LENGTH;
+                       {
+                       /* create Client Hello in SSL 3.0/TLS 1.0 format */
  
  
-               /* write out sslv2 challenge */
-               if (SSL3_RANDOM_SIZE < ch_len)
-                       i=SSL3_RANDOM_SIZE;
-               else
-                       i=ch_len;
-               s2n(i,d);
-               memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE);
-               if (RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i) <= 0)
-                       return -1;
+                       /* do the record header (5 bytes) and handshake message header (4 bytes) last */
+                       d = p = &(buf[9]);
+                       
+                       *(p++) = version_major;
+                       *(p++) = version_minor;
+
+                       /* Random stuff */
+                       memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
+                       p += SSL3_RANDOM_SIZE;
+
+                       /* Session ID (zero since there is no reuse) */
+                       *(p++) = 0;
+
+                       /* Ciphers supported (using SSL 3.0/TLS 1.0 format) */
+                       i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),ssl3_put_cipher_by_char);
+                       if (i == 0)
+                               {
+                               SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
+                               return -1;
+                               }
+                       s2n(i,p);
+                       p+=i;
+
+                       /* COMPRESSION */
+                       if (s->ctx->comp_methods == NULL)
+                               j=0;
+                       else
+                               j=sk_SSL_COMP_num(s->ctx->comp_methods);
+                       *(p++)=1+j;
+                       for (i=0; i<j; i++)
+                               {
+                               comp=sk_SSL_COMP_value(s->ctx->comp_methods,i);
+                               *(p++)=comp->id;
+                               }
+                       *(p++)=0; /* Add the NULL method */
+                       
+                       l = p-d;
+                       *p = 42;
  
  
-               memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
-               p+=i;
+                       /* fill in 4-byte handshake header */
+                       d=&(buf[5]);
+                       *(d++)=SSL3_MT_CLIENT_HELLO;
+                       l2n3(l,d);
  
  
-               i= p- &(buf[2]);
-               buf[0]=((i>>8)&0xff)|0x80;
-               buf[1]=(i&0xff);
+                       l += 4;
+
+                       if (l > SSL3_RT_MAX_PLAIN_LENGTH)
+                               {
+                               SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
+                               return -1;
+                               }
+                       
+                       /* fill in 5-byte record header */
+                       d=buf;
+                       *(d++) = SSL3_RT_HANDSHAKE;
+                       *(d++) = version_major;
+                       *(d++) = version_minor; /* arguably we should send the *lowest* suported version here
+                                                * (indicating, e.g., TLS 1.0 in "SSL 3.0 format") */
+                       s2n((int)l,d);
+
+                       /* number of bytes to write */
+                       s->init_num=p-buf;
+                       s->init_off=0;
+
+                       ssl3_finish_mac(s,&(buf[5]), s->init_num - 5);
+                       }
  
                 s->state=SSL23_ST_CW_CLNT_HELLO_B;
  
                 s->state=SSL23_ST_CW_CLNT_HELLO_B;
-               /* number of bytes to write */
-               s->init_num=i+2;
                 s->init_off=0;
                 s->init_off=0;
-
-               ssl3_finish_mac(s,&(buf[2]),i);
                 }
  
         /* SSL3_ST_CW_CLNT_HELLO_B */
         ret = ssl23_write_bytes(s);
                 }
  
         /* SSL3_ST_CW_CLNT_HELLO_B */
         ret = ssl23_write_bytes(s);
-       if (ret >= 2)
-               if (s->msg_callback)
-                       s->msg_callback(1, SSL2_VERSION, 0, s->init_buf->data+2, ret-2, s, s->msg_callback_arg); /* CLIENT-HELLO */
+
+       if ((ret >= 2) && s->msg_callback)
+               {
+               /* Client Hello has been sent; tell msg_callback */
+
+               if (ssl2_compat)
+                       s->msg_callback(1, version, 0, s->init_buf->data+2, ret-2, s, s->msg_callback_arg);
+               else
+                       s->msg_callback(1, version, SSL3_RT_HANDSHAKE, s->init_buf->data+5, ret-5, s, s->msg_callback_arg);
+               }
+
         return ret;
         }
  
         return ret;
         }
  
diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c

index 415cdabb24df91a06b70c5af2c4b2ca9c62bac19..33ea7592c489b72847a91241550c69fdb11f70e3 100644 (file)
--- a/ssl/s2_clnt.c
+++ b/ssl/s2_clnt.c
@@ -584,7 +584,7 @@ static int client_hello(SSL *s)
                 s2n(SSL2_VERSION,p);                    /* version */
                 n=j=0;
  
                 s2n(SSL2_VERSION,p);                    /* version */
                 n=j=0;
  
-               n=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),d);
+               n=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),d,0);
                 d+=n;
  
                 if (n == 0)
                 d+=n;
  
                 if (n == 0)
diff --git a/ssl/s2_srvr.c b/ssl/s2_srvr.c

index 7cc160b1ad790b7df1c382620cf5279dca1ed183..546feb5174d56e238b68de9b206b75b254bdfe41 100644 (file)
--- a/ssl/s2_srvr.c
+++ b/ssl/s2_srvr.c
@@ -797,7 +797,7 @@ static int server_hello(SSL *s)
                         /* lets send out the ciphers we like in the
                          * prefered order */
                         sk= s->session->ciphers;
                         /* lets send out the ciphers we like in the
                          * prefered order */
                         sk= s->session->ciphers;
-                       n=ssl_cipher_list_to_bytes(s,s->session->ciphers,d);
+                       n=ssl_cipher_list_to_bytes(s,s->session->ciphers,d,0);
                         d+=n;
                         s2n(n,p);               /* add cipher length */
                         }
                         d+=n;
                         s2n(n,p);               /* add cipher length */
                         }
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c

index 744748dd5b62c1e8fe7c9c06ff16880b324209cb..d0d1e51019309c3cfacbcb6af757858d78b9ec09 100644 (file)
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -584,7 +584,7 @@ int ssl3_client_hello(SSL *s)
                         }
                 
                 /* Ciphers supported */
                         }
                 
                 /* Ciphers supported */
-               i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]));
+               i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),0);
                 if (i == 0)
                         {
                         SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
                 if (i == 0)
                         {
                         SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c

index b504c2cea232f5bca732680102609416efbebe78..d716d97c54771299d79f294ddcd8816dfdffd5d3 100644 (file)
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1204,7 +1204,8 @@ char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
         return(buf);
         }
  
         return(buf);
         }
  
-int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p)
+int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
+                             int (*put_cb)(const SSL_CIPHER *, unsigned char *))
         {
         int i,j=0;
         SSL_CIPHER *c;
         {
         int i,j=0;
         SSL_CIPHER *c;
@@ -1223,7 +1224,8 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p)
                  if ((c->algorithms & SSL_KRB5) && nokrb5)
                      continue;
  #endif /* OPENSSL_NO_KRB5 */                    
                  if ((c->algorithms & SSL_KRB5) && nokrb5)
                      continue;
  #endif /* OPENSSL_NO_KRB5 */                    
-               j=ssl_put_cipher_by_char(s,c,p);
+
+               j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p);
                 p+=j;
                 }
         return(p-q);
                 p+=j;
                 }
         return(p-q);
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h

index 54b34d48ac01b306a8c38834107d322aee2bf133..8cbe26c01ee32c3528c1fae7e784e3d5f43a7c67 100644 (file)
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -527,7 +527,8 @@ int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
                         const SSL_CIPHER * const *bp);
  STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
                                                STACK_OF(SSL_CIPHER) **skp);
                         const SSL_CIPHER * const *bp);
  STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
                                                STACK_OF(SSL_CIPHER) **skp);
-int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p);
+int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
+                             int (*put_cb)(const SSL_CIPHER *, unsigned char *));
  STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,
                                              STACK_OF(SSL_CIPHER) **pref,
                                              STACK_OF(SSL_CIPHER) **sorted,
  STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,
                                              STACK_OF(SSL_CIPHER) **pref,
                                              STACK_OF(SSL_CIPHER) **sorted,
author	Bodo Möller <bodo@openssl.org>
	Wed, 11 May 2005 18:25:49 +0000 (18:25 +0000)
committer	Bodo Möller <bodo@openssl.org>
	Wed, 11 May 2005 18:25:49 +0000 (18:25 +0000)
CHANGES		patch \| blob \| history
ssl/d1_clnt.c		patch \| blob \| history
ssl/s23_clnt.c		patch \| blob \| history
ssl/s2_clnt.c		patch \| blob \| history
ssl/s2_srvr.c		patch \| blob \| history
ssl/s3_clnt.c		patch \| blob \| history
ssl/ssl_lib.c		patch \| blob \| history
ssl/ssl_locl.h		patch \| blob \| history