ssl/s23_clnt.c

   1 /* ssl/s23_clnt.c */
   2 /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
   3  * All rights reserved.
   4  *
   5  * This package is an SSL implementation written
   6  * by Eric Young (eay@cryptsoft.com).
   7  * The implementation was written so as to conform with Netscapes SSL.
   8  *
   9  * This library is free for commercial and non-commercial use as long as
  10  * the following conditions are aheared to.  The following conditions
  11  * apply to all code found in this distribution, be it the RC4, RSA,
  12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  13  * included with this distribution is covered by the same copyright terms
  14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
  15  *
  16  * Copyright remains Eric Young's, and as such any Copyright notices in
  17  * the code are not to be removed.
  18  * If this package is used in a product, Eric Young should be given attribution
  19  * as the author of the parts of the library used.
  20  * This can be in the form of a textual message at program startup or
  21  * in documentation (online or textual) provided with the package.
  22  *
  23  * Redistribution and use in source and binary forms, with or without
  24  * modification, are permitted provided that the following conditions
  25  * are met:
  26  * 1. Redistributions of source code must retain the copyright
  27  *    notice, this list of conditions and the following disclaimer.
  28  * 2. Redistributions in binary form must reproduce the above copyright
  29  *    notice, this list of conditions and the following disclaimer in the
  30  *    documentation and/or other materials provided with the distribution.
  31  * 3. All advertising materials mentioning features or use of this software
  32  *    must display the following acknowledgement:
  33  *    "This product includes cryptographic software written by
  34  *     Eric Young (eay@cryptsoft.com)"
  35  *    The word 'cryptographic' can be left out if the rouines from the library
  36  *    being used are not cryptographic related :-).
  37  * 4. If you include any Windows specific code (or a derivative thereof) from
  38  *    the apps directory (application code) you must include an acknowledgement:
  39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
  40  *
  41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  51  * SUCH DAMAGE.
  52  *
  53  * The licence and distribution terms for any publically available version or
  54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  55  * copied and put under another distribution licence
  56  * [including the GNU Public Licence.]
  57  */
  58
  59 #include <stdio.h>
  60 #include "buffer.h"
  61 #include "rand.h"
  62 #include "objects.h"
  63 #include "evp.h"
  64 #include "ssl_locl.h"
  65
  66 #define BREAK break
  67
  68 #ifndef NOPROTO
  69 static int ssl23_client_hello(SSL *s);
  70 static int ssl23_get_server_hello(SSL *s);
  71 #else
  72 static int ssl23_client_hello();
  73 static int ssl23_get_server_hello();
  74 #endif
  75
  76 static SSL_METHOD *ssl23_get_client_method(ver)
  77 int ver;
  78         {
  79         if (ver == 2)
  80                 return(SSLv2_client_method());
  81         else if (ver == 3)
  82                 return(SSLv3_client_method());
  83         else
  84                 return(NULL);
  85         }
  86
  87 SSL_METHOD *SSLv23_client_method()
  88         {
  89         static int init=1;
  90         static SSL_METHOD SSLv23_client_data;
  91
  92         if (init)
  93                 {
  94                 init=0;
  95                 memcpy((char *)&SSLv23_client_data,
  96                         (char *)sslv23_base_method(),sizeof(SSL_METHOD));
  97                 SSLv23_client_data.ssl_connect=ssl23_connect;
  98                 SSLv23_client_data.get_ssl_method=ssl23_get_client_method;
  99                 }
 100         return(&SSLv23_client_data);
 101         }
 102
 103 int ssl23_connect(s)
 104 SSL *s;
 105         {
 106         BUF_MEM *buf;
 107         unsigned long Time=time(NULL);
 108         void (*cb)()=NULL;
 109         int ret= -1;
 110         int new_state,state;
 111
 112         RAND_seed((unsigned char *)&Time,sizeof(Time));
 113         ERR_clear_error();
 114         errno=0;
 115
 116         if (s->info_callback != NULL)
 117                 cb=s->info_callback;
 118         else if (s->ctx->info_callback != NULL)
 119                 cb=s->ctx->info_callback;
 120
 121         if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
 122         s->in_handshake++;
 123
 124         for (;;)
 125                 {
 126                 state=s->state;
 127
 128                 switch(s->state)
 129                         {
 130                 case SSL_ST_BEFORE:
 131                 case SSL_ST_CONNECT:
 132                 case SSL_ST_BEFORE|SSL_ST_CONNECT:
 133                 case SSL_ST_OK|SSL_ST_CONNECT:
 134
 135                         if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
 136
 137                         s->version=3;
 138                         s->type=SSL_ST_CONNECT;
 139
 140                         if (s->init_buf == NULL)
 141                                 {
 142                                 if ((buf=BUF_MEM_new()) == NULL)
 143                                         {
 144                                         ret= -1;
 145                                         goto end;
 146                                         }
 147                                 if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
 148                                         {
 149                                         ret= -1;
 150                                         goto end;
 151                                         }
 152                                 s->init_buf=buf;
 153                                 }
 154
 155                         if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }
 156
 157                         ssl3_init_finished_mac(s);
 158
 159                         s->state=SSL23_ST_CW_CLNT_HELLO_A;
 160                         s->ctx->sess_connect++;
 161                         s->init_num=0;
 162                         break;
 163
 164                 case SSL23_ST_CW_CLNT_HELLO_A:
 165                 case SSL23_ST_CW_CLNT_HELLO_B:
 166
 167                         s->shutdown=0;
 168                         ret=ssl23_client_hello(s);
 169                         if (ret <= 0) goto end;
 170                         s->state=SSL23_ST_CR_SRVR_HELLO_A;
 171                         s->init_num=0;
 172
 173                         break;
 174
 175                 case SSL23_ST_CR_SRVR_HELLO_A:
 176                 case SSL23_ST_CR_SRVR_HELLO_B:
 177                         ret=ssl23_get_server_hello(s);
 178                         if (ret >= 0) cb=NULL;
 179                         goto end;
 180                         break;
 181
 182                 default:
 183                         SSLerr(SSL_F_SSL23_CONNECT,SSL_R_UNKNOWN_STATE);
 184                         ret= -1;
 185                         goto end;
 186                         /* break; */
 187                         }
 188
 189                 if (s->debug) BIO_flush(s->wbio);
 190
 191                 if ((cb != NULL) && (s->state != state))
 192                         {
 193                         new_state=s->state;
 194                         s->state=state;
 195                         cb(s,SSL_CB_CONNECT_LOOP,1);
 196                         s->state=new_state;
 197                         }
 198                 }
 199 end:
 200         s->in_handshake--;
 201         if (cb != NULL)
 202                 cb(s,SSL_CB_CONNECT_EXIT,ret);
 203         return(ret);
 204         }
 205
 206
 207 static int ssl23_client_hello(s)
 208 SSL *s;
 209         {
 210         unsigned char *buf;
 211         unsigned char *p,*d;
 212         int i,ch_len;
 213
 214         buf=(unsigned char *)s->init_buf->data;
 215         if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
 216                 {
 217 #if 0
 218                 /* don't reuse session-id's */
 219                 if (!ssl_get_new_session(s,0))
 220                         {
 221                         return(-1);
 222                         }
 223 #endif
 224
 225                 p=s->s3->client_random;
 226                 RAND_bytes(p,SSL3_RANDOM_SIZE);
 227
 228                 /* Do the message type and length last */
 229                 d= &(buf[2]);
 230                 p=d+9;
 231
 232                 *(d++)=SSL2_MT_CLIENT_HELLO;
 233                 *(d++)=SSL3_VERSION_MAJOR;
 234                 *(d++)=SSL3_VERSION_MINOR;
 235
 236                 /* Ciphers supported */
 237                 i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),p);
 238                 if (i == 0)
 239                         {
 240                         /* no ciphers */
 241                         SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
 242                         return(-1);
 243                         }
 244                 s2n(i,d);
 245                 p+=i;
 246
 247                 /* put in the session-id, zero since there is no
 248                  * reuse. */
 249 #if 0
 250                 s->session->session_id_length=0;
 251 #endif
 252                 s2n(0,d);
 253
 254                 if (s->ctx->options & SSL_OP_NETSCAPE_CHALLENGE_BUG)
 255                         ch_len=SSL2_CHALLENGE_LENGTH;
 256                 else
 257                         ch_len=SSL2_MAX_CHALLENGE_LENGTH;
 258
 259                 /* write out sslv2 challenge */
 260                 if (SSL3_RANDOM_SIZE < ch_len)
 261                         i=SSL3_RANDOM_SIZE;
 262                 else
 263                         i=ch_len;
 264                 s2n(i,d);
 265                 memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE);
 266                 RAND_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
 267                 memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
 268                 p+=i;
 269
 270                 i= p- &(buf[2]);
 271                 buf[0]=((i>>8)&0xff)|0x80;
 272                 buf[1]=(i&0xff);
 273
 274                 s->state=SSL23_ST_CW_CLNT_HELLO_B;
 275                 /* number of bytes to write */
 276                 s->init_num=i+2;
 277                 s->init_off=0;
 278
 279                 ssl3_finish_mac(s,&(buf[2]),i);
 280                 }
 281
 282         /* SSL3_ST_CW_CLNT_HELLO_B */
 283         return(ssl23_write_bytes(s));
 284         }
 285
 286 static int ssl23_get_server_hello(s)
 287 SSL *s;
 288         {
 289         char buf[8];
 290         unsigned char *p;
 291         int i,ch_len;
 292         int n;
 293         BIO *bbio;
 294
 295         n=ssl23_read_bytes(s,7);
 296
 297         if (n != 7) return(n);
 298         p=s->packet;
 299
 300         memcpy(buf,p,n);
 301
 302         if ((p[0] & 0x80) && (p[2] == SSL2_MT_SERVER_HELLO) &&
 303                 (p[5] == 0x00) && (p[6] == 0x02))
 304                 {
 305                 /* we are talking sslv2 */
 306                 /* we need to clean up the SSLv3 setup and put in the
 307                  * sslv2 stuff. */
 308
 309                 if (s->s2 == NULL)
 310                         {
 311                         if (!ssl2_new(s))
 312                                 goto err;
 313                         }
 314                 else
 315                         ssl2_clear(s);
 316
 317                 if (s->ctx->options & SSL_OP_NETSCAPE_CHALLENGE_BUG)
 318                         ch_len=SSL2_CHALLENGE_LENGTH;
 319                 else
 320                         ch_len=SSL2_MAX_CHALLENGE_LENGTH;
 321
 322                 /* write out sslv2 challenge */
 323                 i=(SSL3_RANDOM_SIZE < ch_len)
 324                         ?SSL3_RANDOM_SIZE:ch_len;
 325                 s->s2->challenge_length=i;
 326                 memcpy(s->s2->challenge,
 327                         &(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
 328
 329                 if (s->s3 != NULL) ssl3_free(s);
 330
 331                 if (!BUF_MEM_grow(s->init_buf,
 332                         SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
 333                         {
 334                         SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,ERR_R_BUF_LIB);
 335                         goto err;
 336                         }
 337
 338                 s->state=SSL2_ST_GET_SERVER_HELLO_A;
 339                 s->s2->ssl2_rollback=1;
 340
 341                 /* setup the 5 bytes we have read so we get them from
 342                  * the sslv2 buffer */
 343                 s->rstate=SSL_ST_READ_HEADER;
 344                 s->packet_length=n;
 345                 s->packet= &(s->s2->rbuf[0]);
 346                 memcpy(s->packet,buf,n);
 347                 s->s2->rbuf_left=n;
 348                 s->s2->rbuf_offs=0;
 349
 350                 /* we have already written one */
 351                 s->s2->write_sequence=1;
 352
 353                 s->method=SSLv2_client_method();
 354                 s->handshake_func=s->method->ssl_connect;
 355                 }
 356         else if ((p[0] == SSL3_RT_HANDSHAKE) &&
 357                  (p[1] == SSL3_VERSION_MAJOR) &&
 358                  (p[2] == SSL3_VERSION_MINOR) &&
 359                  (p[5] == SSL3_MT_SERVER_HELLO))
 360                 {
 361                 /* we have sslv3 */
 362
 363                 if (s->bbio == NULL)
 364                         {
 365                         bbio=BIO_new(BIO_f_buffer());
 366                         if (bbio == NULL)
 367                                 {
 368                                 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,ERR_R_BUF_LIB);
 369                                 goto err;
 370                                 }
 371                         s->bbio=bbio;
 372                         }
 373                 else
 374                         bbio=s->bbio;
 375
 376                 BIO_reset(bbio);
 377                 if (!BIO_set_write_buffer_size(bbio,16*1024))
 378                         {
 379                         SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,ERR_R_BUF_LIB);
 380                         goto err;
 381                         }
 382
 383                 /* start the buffering */
 384                 s->wbio=BIO_push(s->bbio,s->wbio);
 385
 386                 /* we are in this state */
 387                 s->state=SSL3_ST_CR_SRVR_HELLO_A;
 388
 389                 /* put the 5 bytes we have read into the input buffer
 390                  * for SSLv3 */
 391                 s->rstate=SSL_ST_READ_HEADER;
 392                 s->packet_length=n;
 393                 s->packet= &(s->s3->rbuf.buf[0]);
 394                 memcpy(s->packet,buf,n);
 395                 s->s3->rbuf.left=n;
 396                 s->s3->rbuf.offset=0;
 397
 398                 s->method=SSLv3_client_method();
 399                 s->handshake_func=s->method->ssl_connect;
 400                 }
 401         else if ((p[0] == SSL3_RT_ALERT) &&
 402                  (p[1] == SSL3_VERSION_MAJOR) &&
 403                  (p[2] == SSL3_VERSION_MINOR) &&
 404                  (p[3] == 0) &&
 405                  (p[4] == 2))
 406                 {
 407                 void (*cb)()=NULL;
 408                 int j;
 409
 410                 /* An alert */
 411                 if (s->info_callback != NULL)
 412                         cb=s->info_callback;
 413                 else if (s->ctx->info_callback != NULL)
 414                         cb=s->ctx->info_callback;
 415
 416                 i=p[5];
 417                 if (cb != NULL)
 418                         {
 419                         j=(i<<8)|p[6];
 420                         cb(s,SSL_CB_READ_ALERT,j);
 421                         }
 422
 423                 s->rwstate=SSL_NOTHING;
 424                 SSLerr(SSL_F_SSL3_READ_BYTES,1000+p[6]);
 425                 goto err;
 426                 }
 427         else
 428                 {
 429                 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNKNOWN_PROTOCOL);
 430                 goto err;
 431                 }
 432         s->init_num=0;
 433
 434         /* Since, if we are sending a ssl23 client hello, we are not
 435          * reusing a session-id */
 436         if (!ssl_get_new_session(s,0))
 437                 goto err;
 438
 439         s->first_packet=1;
 440         return(SSL_connect(s));
 441 err:
 442         return(-1);
 443         }
 444