X-Git-Url: https://git.openssl.org/gitweb/?a=blobdiff_plain;f=ssl%2Fs23_clnt.c;h=067216b1a229cdc6b1527f91d136510da6e357cc;hb=aa82db4fb49e8e3da38e39861837117ce12256bf;hp=597cc8772e9cf896154cae9b9b64dad2e36ecc92;hpb=dfeab0689f69c0b4bd3480ffd37a9cacc2f17d9c;p=openssl.git diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c index 597cc8772e..067216b1a2 100644 --- a/ssl/s23_clnt.c +++ b/ssl/s23_clnt.c @@ -57,28 +57,22 @@ */ #include -#include "buffer.h" -#include "rand.h" -#include "objects.h" -#include "evp.h" +#include +#include +#include +#include #include "ssl_locl.h" -#define BREAK break - -#ifndef NOPROTO +static SSL_METHOD *ssl23_get_client_method(int ver); static int ssl23_client_hello(SSL *s); static int ssl23_get_server_hello(SSL *s); -#else -static int ssl23_client_hello(); -static int ssl23_get_server_hello(); -#endif - -static SSL_METHOD *ssl23_get_client_method(ver) -int ver; +static SSL_METHOD *ssl23_get_client_method(int ver) { +#ifndef NO_SSL2 if (ver == SSL2_VERSION) return(SSLv2_client_method()); - else if (ver == SSL3_VERSION) +#endif + if (ver == SSL3_VERSION) return(SSLv3_client_method()); else if (ver == TLS1_VERSION) return(TLSv1_client_method()); @@ -86,24 +80,23 @@ int ver; return(NULL); } -SSL_METHOD *SSLv23_client_method() +SSL_METHOD *SSLv23_client_method(void) { static int init=1; static SSL_METHOD SSLv23_client_data; if (init) { - init=0; memcpy((char *)&SSLv23_client_data, (char *)sslv23_base_method(),sizeof(SSL_METHOD)); SSLv23_client_data.ssl_connect=ssl23_connect; SSLv23_client_data.get_ssl_method=ssl23_get_client_method; + init=0; } return(&SSLv23_client_data); } -int ssl23_connect(s) -SSL *s; +int ssl23_connect(SSL *s) { BUF_MEM *buf; unsigned long Time=time(NULL); @@ -111,7 +104,7 @@ SSL *s; int ret= -1; int new_state,state; - RAND_seed((unsigned char *)&Time,sizeof(Time)); + RAND_add(&Time,sizeof(Time),0); ERR_clear_error(); clear_sys_error(); @@ -134,6 +127,13 @@ SSL *s; case SSL_ST_BEFORE|SSL_ST_CONNECT: case SSL_ST_OK|SSL_ST_CONNECT: + if (s->session != NULL) + { + SSLerr(SSL_F_SSL23_CONNECT,SSL_R_SSL23_DOING_SESSION_ID_REUSE); + ret= -1; + goto end; + } + s->server=0; if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); /* s->version=TLS1_VERSION; */ @@ -159,7 +159,7 @@ SSL *s; ssl3_init_finished_mac(s); s->state=SSL23_ST_CW_CLNT_HELLO_A; - s->ctx->sess_connect++; + s->ctx->stats.sess_connect++; s->init_num=0; break; @@ -188,7 +188,7 @@ SSL *s; /* break; */ } - if (s->debug) BIO_flush(s->wbio); + if (s->debug) { (void)BIO_flush(s->wbio); } if ((cb != NULL) && (s->state != state)) { @@ -206,8 +206,7 @@ end: } -static int ssl23_client_hello(s) -SSL *s; +static int ssl23_client_hello(SSL *s) { unsigned char *buf; unsigned char *p,*d; @@ -236,16 +235,19 @@ SSL *s; { *(d++)=TLS1_VERSION_MAJOR; *(d++)=TLS1_VERSION_MINOR; + s->client_version=TLS1_VERSION; } else if (!(s->options & SSL_OP_NO_SSLv3)) { *(d++)=SSL3_VERSION_MAJOR; *(d++)=SSL3_VERSION_MINOR; + s->client_version=SSL3_VERSION; } else if (!(s->options & SSL_OP_NO_SSLv2)) { *(d++)=SSL2_VERSION_MAJOR; *(d++)=SSL2_VERSION_MINOR; + s->client_version=SSL2_VERSION; } else { @@ -303,12 +305,11 @@ SSL *s; return(ssl23_write_bytes(s)); } -static int ssl23_get_server_hello(s) -SSL *s; +static int ssl23_get_server_hello(SSL *s) { char buf[8]; unsigned char *p; - int i,ch_len; + int i; int n; n=ssl23_read_bytes(s,7); @@ -321,9 +322,14 @@ SSL *s; if ((p[0] & 0x80) && (p[2] == SSL2_MT_SERVER_HELLO) && (p[5] == 0x00) && (p[6] == 0x02)) { +#ifdef NO_SSL2 + SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL); + goto err; +#else /* we are talking sslv2 */ /* we need to clean up the SSLv3 setup and put in the * sslv2 stuff. */ + int ch_len; if (s->options & SSL_OP_NO_SSLv2) { @@ -376,6 +382,7 @@ SSL *s; s->method=SSLv2_client_method(); s->handshake_func=s->method->ssl_connect; +#endif } else if ((p[0] == SSL3_RT_HANDSHAKE) && (p[1] == SSL3_VERSION_MAJOR) &&