X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fs23_lib.c;h=f3c29d1dde61ec93d6e3fce69853d53539769e73;hp=8a9a9b63aa329d491d4678c61912c5e1648b8a93;hb=e0fc7961c4fbd27577fb519d9aea2dc788742715;hpb=a9be3af5ad4836f7e50f0546311ca90c717b861e diff --git a/ssl/s23_lib.c b/ssl/s23_lib.c index 8a9a9b63aa..f3c29d1dde 100644 --- a/ssl/s23_lib.c +++ b/ssl/s23_lib.c @@ -60,88 +60,60 @@ #include #include "ssl_locl.h" -static int ssl23_num_ciphers(void ); -static SSL_CIPHER *ssl23_get_cipher(unsigned int u); -static int ssl23_read(SSL *s, void *buf, int len); -static int ssl23_write(SSL *s, const void *buf, int len); -static long ssl23_default_timeout(void ); -static int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p); -static SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p); -char *SSL23_version_str="SSLv2/3 compatibility" OPENSSL_VERSION_PTEXT; - -static SSL_METHOD SSLv23_data= { - TLS1_VERSION, - tls1_new, - tls1_clear, - tls1_free, - ssl_undefined_function, - ssl_undefined_function, - ssl23_read, - (int (*)(struct ssl_st *, char *, int))ssl_undefined_function, - ssl23_write, - ssl_undefined_function, - ssl_undefined_function, - ssl_ok, - ssl3_ctrl, - ssl3_ctx_ctrl, - ssl23_get_cipher_by_char, - ssl23_put_cipher_by_char, - ssl_undefined_function, - ssl23_num_ciphers, - ssl23_get_cipher, - ssl_bad_method, - ssl23_default_timeout, - &ssl3_undef_enc_method, - }; - -static long ssl23_default_timeout(void) +long ssl23_default_timeout(void) { return(300); } -SSL_METHOD *sslv23_base_method(void) - { - return(&SSLv23_data); - } - -static int ssl23_num_ciphers(void) +int ssl23_num_ciphers(void) { - return(ssl3_num_ciphers()+ssl2_num_ciphers()); + return(ssl3_num_ciphers() +#ifndef OPENSSL_NO_SSL2 + + ssl2_num_ciphers() +#endif + ); } -static SSL_CIPHER *ssl23_get_cipher(unsigned int u) +const SSL_CIPHER *ssl23_get_cipher(unsigned int u) { unsigned int uu=ssl3_num_ciphers(); if (u < uu) return(ssl3_get_cipher(u)); else +#ifndef OPENSSL_NO_SSL2 return(ssl2_get_cipher(u-uu)); +#else + return(NULL); +#endif } /* This function needs to check if the ciphers required are actually * available */ -static SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p) +const SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p) { - SSL_CIPHER c,*cp; - unsigned long id; - int n; + const SSL_CIPHER *cp; - n=ssl3_num_ciphers(); - id=0x03000000|((unsigned long)p[0]<<16L)| - ((unsigned long)p[1]<<8L)|(unsigned long)p[2]; - c.id=id; cp=ssl3_get_cipher_by_char(p); +#ifndef OPENSSL_NO_SSL2 if (cp == NULL) cp=ssl2_get_cipher_by_char(p); +#endif return(cp); } -static int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) +int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) { long l; /* We can write SSLv2 and SSLv3 ciphers */ + /* but no ECC ciphers */ + if (c->algorithm_mkey == SSL_kECDHr || + c->algorithm_mkey == SSL_kECDHe || + c->algorithm_mkey == SSL_kEECDH || + c->algorithm_auth == SSL_aECDH || + c->algorithm_auth == SSL_aECDSA) + return 0; if (p != NULL) { l=c->id; @@ -152,17 +124,10 @@ static int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) return(3); } -static int ssl23_read(SSL *s, void *buf, int len) +int ssl23_read(SSL *s, void *buf, int len) { int n; -#if 0 - if (s->shutdown & SSL_RECEIVED_SHUTDOWN) - { - s->rwstate=SSL_NOTHING; - return(0); - } -#endif clear_sys_error(); if (SSL_in_init(s) && (!s->in_handshake)) { @@ -182,17 +147,33 @@ static int ssl23_read(SSL *s, void *buf, int len) } } -static int ssl23_write(SSL *s, const void *buf, int len) +int ssl23_peek(SSL *s, void *buf, int len) { int n; -#if 0 - if (s->shutdown & SSL_SENT_SHUTDOWN) + clear_sys_error(); + if (SSL_in_init(s) && (!s->in_handshake)) { - s->rwstate=SSL_NOTHING; - return(0); + n=s->handshake_func(s); + if (n < 0) return(n); + if (n == 0) + { + SSLerr(SSL_F_SSL23_PEEK,SSL_R_SSL_HANDSHAKE_FAILURE); + return(-1); + } + return(SSL_peek(s,buf,len)); } -#endif + else + { + ssl_undefined_function(s); + return(-1); + } + } + +int ssl23_write(SSL *s, const void *buf, int len) + { + int n; + clear_sys_error(); if (SSL_in_init(s) && (!s->in_handshake)) {