From bbf556937e9e7a9287e037d57be280cd8eaf58a0 Mon Sep 17 00:00:00 2001 From: guenther Date: Wed, 16 Apr 2014 15:10:07 +0000 Subject: [PATCH] Kill the bogus "send an SSLv3/TLS hello in SSLv2 format" crap from the SSLv23_* client code. The server continues to accept it. It also kills the bits for SSL2 SESSIONs; even when the server gets an SSLv2-style compat handshake, the session that it creates has the correct version internally. ok tedu@ beck@ --- lib/libssl/s23_clnt.c | 283 +++++++++++++--------------------- lib/libssl/s23_srvr.c | 19 ++- lib/libssl/src/ssl/s23_clnt.c | 283 +++++++++++++--------------------- lib/libssl/src/ssl/s23_srvr.c | 19 ++- lib/libssl/src/ssl/ssl_asn1.c | 29 +--- lib/libssl/src/ssl/ssl_lib.c | 84 ++++------ lib/libssl/src/ssl/ssl_locl.h | 39 +---- lib/libssl/src/ssl/ssl_sess.c | 40 ++--- lib/libssl/src/ssl/ssl_txt.c | 4 +- lib/libssl/ssl_asn1.c | 29 +--- lib/libssl/ssl_lib.c | 84 ++++------ lib/libssl/ssl_locl.h | 39 +---- lib/libssl/ssl_sess.c | 40 ++--- lib/libssl/ssl_txt.c | 4 +- 14 files changed, 346 insertions(+), 650 deletions(-) diff --git a/lib/libssl/s23_clnt.c b/lib/libssl/s23_clnt.c index 7c9de0dd0e4..a7b262229f6 100644 --- a/lib/libssl/s23_clnt.c +++ b/lib/libssl/s23_clnt.c @@ -265,8 +265,10 @@ ssl23_no_ssl2_ciphers(SSL *s) return 1; } -/* Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 - * on failure, 1 on success. */ +/* + * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 + * on failure, 1 on success. + */ int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len) { @@ -294,7 +296,6 @@ ssl23_client_hello(SSL *s) unsigned char *p, *d; int i, ch_len; unsigned long l; - int ssl2_compat; int version = 0, version_major, version_minor; #ifndef OPENSSL_NO_COMP int j; @@ -303,11 +304,6 @@ ssl23_client_hello(SSL *s) int ret; unsigned long mask, options = s->options; - ssl2_compat = (options & SSL_OP_NO_SSLv2) ? 0 : 1; - - if (ssl2_compat && ssl23_no_ssl2_ciphers(s)) - ssl2_compat = 0; - /* * SSL_OP_NO_X disables all protocols above X *if* there are * some protocols below X enabled. This is required in order @@ -333,21 +329,6 @@ ssl23_client_hello(SSL *s) version = SSL3_VERSION; mask &= ~SSL_OP_NO_SSLv3; -#ifndef OPENSSL_NO_TLSEXT - if (version != SSL2_VERSION) { - /* have to disable SSL 2.0 compatibility if we need TLS extensions */ - - if (s->tlsext_hostname != NULL) - ssl2_compat = 0; - if (s->tlsext_status_type != -1) - ssl2_compat = 0; -#ifdef TLSEXT_TYPE_opaque_prf_input - if (s->ctx->tlsext_opaque_prf_input_callback != 0 || s->tlsext_opaque_prf_input != NULL) - ssl2_compat = 0; -#endif - } -#endif - buf = (unsigned char *)s->init_buf->data; if (s->state == SSL23_ST_CW_CLNT_HELLO_A) { #if 0 @@ -373,9 +354,6 @@ ssl23_client_hello(SSL *s) } else if (version == SSL3_VERSION) { version_major = SSL3_VERSION_MAJOR; version_minor = SSL3_VERSION_MINOR; - } else if (version == SSL2_VERSION) { - version_major = SSL2_VERSION_MAJOR; - version_minor = SSL2_VERSION_MINOR; } else { SSLerr(SSL_F_SSL23_CLIENT_HELLO, SSL_R_NO_PROTOCOLS_AVAILABLE); return (-1); @@ -383,161 +361,112 @@ ssl23_client_hello(SSL *s) s->client_version = version; - if (ssl2_compat) { - /* create SSL 2.0 compatible Client Hello */ - - /* two byte record header will be written last */ - d = &(buf[2]); - p = d + 9; /* leave space for message type, version, individual length fields */ - - *(d++) = SSL2_MT_CLIENT_HELLO; - *(d++) = version_major; - *(d++) = version_minor; - - /* Ciphers supported */ - i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), p, 0); - if (i == 0) { - /* no ciphers */ - SSLerr(SSL_F_SSL23_CLIENT_HELLO, SSL_R_NO_CIPHERS_AVAILABLE); - return -1; - } - s2n(i, d); - p += i; - - /* put in the session-id length (zero since there is no reuse) */ -#if 0 - s->session->session_id_length = 0; -#endif - s2n(0, d); - - if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG) - ch_len = SSL2_CHALLENGE_LENGTH; - else - ch_len = SSL2_MAX_CHALLENGE_LENGTH; - - /* write out sslv2 challenge */ - /* Note that ch_len must be <= SSL3_RANDOM_SIZE (32), - because it is one of SSL2_MAX_CHALLENGE_LENGTH (32) - or SSL2_MAX_CHALLENGE_LENGTH (16), but leave the - check in for futurproofing */ - if (SSL3_RANDOM_SIZE < ch_len) - i = SSL3_RANDOM_SIZE; - else - i = ch_len; - s2n(i, d); - memset(&(s->s3->client_random[0]), 0, SSL3_RANDOM_SIZE); - if (RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE - i]), i) <= 0) - return -1; - - memcpy(p, &(s->s3->client_random[SSL3_RANDOM_SIZE - i]), i); - p += i; - - i = p- &(buf[2]); - buf[0] = ((i >> 8)&0xff)|0x80; - buf[1] = (i&0xff); - - /* number of bytes to write */ - s->init_num = i + 2; - s->init_off = 0; - - ssl3_finish_mac(s, &(buf[2]), i); - } else { - /* create Client Hello in SSL 3.0/TLS 1.0 format */ + /* create Client Hello in SSL 3.0/TLS 1.0 format */ - /* do the record header (5 bytes) and handshake message header (4 bytes) last */ - d = p = &(buf[9]); + /* + * Do the record header (5 bytes) and handshake + * message header (4 bytes) last + */ + d = p = &(buf[9]); - *(p++) = version_major; - *(p++) = version_minor; + *(p++) = version_major; + *(p++) = version_minor; - /* Random stuff */ - memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE); - p += SSL3_RANDOM_SIZE; + /* Random stuff */ + memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE); + p += SSL3_RANDOM_SIZE; - /* Session ID (zero since there is no reuse) */ - *(p++) = 0; + /* Session ID (zero since there is no reuse) */ + *(p++) = 0; - /* Ciphers supported (using SSL 3.0/TLS 1.0 format) */ - i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]), ssl3_put_cipher_by_char); - if (i == 0) { - SSLerr(SSL_F_SSL23_CLIENT_HELLO, SSL_R_NO_CIPHERS_AVAILABLE); - return -1; - } + /* Ciphers supported (using SSL 3.0/TLS 1.0 format) */ + i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]), + ssl3_put_cipher_by_char); + if (i == 0) { + SSLerr(SSL_F_SSL23_CLIENT_HELLO, + SSL_R_NO_CIPHERS_AVAILABLE); + return -1; + } #ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH - /* Some servers hang if client hello > 256 bytes - * as hack workaround chop number of supported ciphers - * to keep it well below this if we use TLS v1.2 - */ - if (TLS1_get_version(s) >= TLS1_2_VERSION && - i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH) - i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1; + /* + * Some servers hang if client hello > 256 bytes + * as hack workaround chop number of supported ciphers + * to keep it well below this if we use TLS v1.2 + */ + if (TLS1_get_version(s) >= TLS1_2_VERSION && + i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH) + i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1; #endif - s2n(i, p); - p += i; + s2n(i, p); + p += i; - /* COMPRESSION */ + /* COMPRESSION */ #ifdef OPENSSL_NO_COMP - *(p++) = 1; + *(p++) = 1; #else - if ((s->options & SSL_OP_NO_COMPRESSION) || - !s->ctx->comp_methods) - j = 0; - else - j = sk_SSL_COMP_num(s->ctx->comp_methods); - *(p++) = 1 + j; - for (i = 0; i < j; i++) { - comp = sk_SSL_COMP_value(s->ctx->comp_methods, i); - *(p++) = comp->id; - } + if ((s->options & SSL_OP_NO_COMPRESSION) || + !s->ctx->comp_methods) + j = 0; + else + j = sk_SSL_COMP_num(s->ctx->comp_methods); + *(p++) = 1 + j; + for (i = 0; i < j; i++) { + comp = sk_SSL_COMP_value(s->ctx->comp_methods, i); + *(p++) = comp->id; + } #endif - *(p++)=0; /* Add the NULL method */ + /* Add the NULL method */ + *(p++) = 0; #ifndef OPENSSL_NO_TLSEXT - /* TLS extensions*/ - if (ssl_prepare_clienthello_tlsext(s) <= 0) { - SSLerr(SSL_F_SSL23_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT); - return -1; - } - if ((p = ssl_add_clienthello_tlsext(s, p, buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) { - SSLerr(SSL_F_SSL23_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); - return -1; - } + /* TLS extensions*/ + if (ssl_prepare_clienthello_tlsext(s) <= 0) { + SSLerr(SSL_F_SSL23_CLIENT_HELLO, + SSL_R_CLIENTHELLO_TLSEXT); + return -1; + } + if ((p = ssl_add_clienthello_tlsext(s, p, + buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) { + SSLerr(SSL_F_SSL23_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); + return -1; + } #endif - l = p - d; - - /* fill in 4-byte handshake header */ - d = &(buf[5]); - *(d++) = SSL3_MT_CLIENT_HELLO; - l2n3(l, d); + l = p - d; - l += 4; + /* fill in 4-byte handshake header */ + d = &(buf[5]); + *(d++) = SSL3_MT_CLIENT_HELLO; + l2n3(l, d); - if (l > SSL3_RT_MAX_PLAIN_LENGTH) { - SSLerr(SSL_F_SSL23_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); - return -1; - } + l += 4; - /* fill in 5-byte record header */ - d = buf; - *(d++) = SSL3_RT_HANDSHAKE; - *(d++) = version_major; - /* Some servers hang if we use long client hellos - * and a record number > TLS 1.0. - */ - if (TLS1_get_client_version(s) > TLS1_VERSION) - *(d++) = 1; - else - *(d++) = version_minor; - s2n((int)l, d); - - /* number of bytes to write */ - s->init_num = p - buf; - s->init_off = 0; - - ssl3_finish_mac(s, &(buf[5]), s->init_num - 5); + if (l > SSL3_RT_MAX_PLAIN_LENGTH) { + SSLerr(SSL_F_SSL23_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); + return -1; } + /* fill in 5-byte record header */ + d = buf; + *(d++) = SSL3_RT_HANDSHAKE; + *(d++) = version_major; + + /* + * Some servers hang if we use long client hellos + * and a record number > TLS 1.0. + */ + if (TLS1_get_client_version(s) > TLS1_VERSION) + *(d++) = 1; + else + *(d++) = version_minor; + s2n((int)l, d); + + /* number of bytes to write */ + s->init_num = p - buf; + s->init_off = 0; + + ssl3_finish_mac(s, &(buf[5]), s->init_num - 5); + s->state = SSL23_ST_CW_CLNT_HELLO_B; s->init_off = 0; } @@ -548,10 +477,8 @@ ssl23_client_hello(SSL *s) if ((ret >= 2) && s->msg_callback) { /* Client Hello has been sent; tell msg_callback */ - if (ssl2_compat) - s->msg_callback(1, SSL2_VERSION, 0, s->init_buf->data + 2, ret - 2, s, s->msg_callback_arg); - else - s->msg_callback(1, version, SSL3_RT_HANDSHAKE, s->init_buf->data + 5, ret - 5, s, s->msg_callback_arg); + s->msg_callback(1, version, SSL3_RT_HANDSHAKE, + s->init_buf->data + 5, ret - 5, s, s->msg_callback_arg); } return ret; @@ -573,11 +500,15 @@ ssl23_get_server_hello(SSL *s) memcpy(buf, p, n); + /* Old unsupported sslv2 handshake */ if ((p[0] & 0x80) && (p[2] == SSL2_MT_SERVER_HELLO) && - (p[5] == 0x00) && (p[6] == 0x02)) { - SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_R_UNSUPPORTED_PROTOCOL); + (p[5] == 0x00) && (p[6] == 0x02)) { + SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, + SSL_R_UNSUPPORTED_PROTOCOL); goto err; - } else if (p[1] == SSL3_VERSION_MAJOR && + } + + if (p[1] == SSL3_VERSION_MAJOR && p[2] <= TLS1_2_VERSION_MINOR && ((p[0] == SSL3_RT_HANDSHAKE && p[5] == SSL3_MT_SERVER_HELLO) || (p[0] == SSL3_RT_ALERT && p[3] == 0 && p[4] == 2))) { @@ -600,13 +531,13 @@ ssl23_get_server_hello(SSL *s) s->version = TLS1_2_VERSION; s->method = TLSv1_2_client_method(); } else { - SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_R_UNSUPPORTED_PROTOCOL); + SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, + SSL_R_UNSUPPORTED_PROTOCOL); goto err; } if (p[0] == SSL3_RT_ALERT && p[5] != SSL3_AL_WARNING) { /* fatal alert */ - void (*cb)(const SSL *ssl, int type, int val) = NULL; int j; @@ -622,10 +553,12 @@ ssl23_get_server_hello(SSL *s) } if (s->msg_callback) - s->msg_callback(0, s->version, SSL3_RT_ALERT, p + 5, 2, s, s->msg_callback_arg); + s->msg_callback(0, s->version, SSL3_RT_ALERT, + p + 5, 2, s, s->msg_callback_arg); s->rwstate = SSL_NOTHING; - SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_AD_REASON_OFFSET + p[6]); + SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, + SSL_AD_REASON_OFFSET + p[6]); goto err; } @@ -654,8 +587,10 @@ ssl23_get_server_hello(SSL *s) } s->init_num = 0; - /* Since, if we are sending a ssl23 client hello, we are not - * reusing a session-id */ + /* + * Since, if we are sending a ssl23 client hello, we are not + * reusing a session-id + */ if (!ssl_get_new_session(s, 0)) goto err; diff --git a/lib/libssl/s23_srvr.c b/lib/libssl/s23_srvr.c index a6062667a0f..35651183b77 100644 --- a/lib/libssl/s23_srvr.c +++ b/lib/libssl/s23_srvr.c @@ -118,8 +118,8 @@ static const SSL_METHOD *ssl23_get_server_method(int ver); int ssl23_get_client_hello(SSL *s); -static const SSL_METHOD -*ssl23_get_server_method(int ver) +static const SSL_METHOD * +ssl23_get_server_method(int ver) { if (ver == SSL3_VERSION) return (SSLv3_server_method()); @@ -402,7 +402,8 @@ ssl23_get_client_hello(SSL *s) ssl3_finish_mac(s, s->packet + 2, s->packet_length - 2); if (s->msg_callback) - s->msg_callback(0, SSL2_VERSION, 0, s->packet + 2, s->packet_length-2, s, s->msg_callback_arg); /* CLIENT-HELLO */ + s->msg_callback(0, SSL2_VERSION, 0, s->packet + 2, + s->packet_length-2, s, s->msg_callback_arg); p = s->packet; p += 5; @@ -410,11 +411,15 @@ ssl23_get_client_hello(SSL *s) n2s(p, sil); n2s(p, cl); d = (unsigned char *)s->init_buf->data; - if ((csl + sil + cl + 11) != s->packet_length) /* We can't have TLS extensions in SSL 2.0 format - * Client Hello, can we ? Error condition should be - * '>' otherweise */ + if ((csl + sil + cl + 11) != s->packet_length) { - SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_RECORD_LENGTH_MISMATCH); + /* + * We can't have TLS extensions in SSL 2.0 format + * Client Hello, can we ? Error condition should be + * '>' otherwise + */ + SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, + SSL_R_RECORD_LENGTH_MISMATCH); goto err; } diff --git a/lib/libssl/src/ssl/s23_clnt.c b/lib/libssl/src/ssl/s23_clnt.c index 7c9de0dd0e4..a7b262229f6 100644 --- a/lib/libssl/src/ssl/s23_clnt.c +++ b/lib/libssl/src/ssl/s23_clnt.c @@ -265,8 +265,10 @@ ssl23_no_ssl2_ciphers(SSL *s) return 1; } -/* Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 - * on failure, 1 on success. */ +/* + * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 + * on failure, 1 on success. + */ int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len) { @@ -294,7 +296,6 @@ ssl23_client_hello(SSL *s) unsigned char *p, *d; int i, ch_len; unsigned long l; - int ssl2_compat; int version = 0, version_major, version_minor; #ifndef OPENSSL_NO_COMP int j; @@ -303,11 +304,6 @@ ssl23_client_hello(SSL *s) int ret; unsigned long mask, options = s->options; - ssl2_compat = (options & SSL_OP_NO_SSLv2) ? 0 : 1; - - if (ssl2_compat && ssl23_no_ssl2_ciphers(s)) - ssl2_compat = 0; - /* * SSL_OP_NO_X disables all protocols above X *if* there are * some protocols below X enabled. This is required in order @@ -333,21 +329,6 @@ ssl23_client_hello(SSL *s) version = SSL3_VERSION; mask &= ~SSL_OP_NO_SSLv3; -#ifndef OPENSSL_NO_TLSEXT - if (version != SSL2_VERSION) { - /* have to disable SSL 2.0 compatibility if we need TLS extensions */ - - if (s->tlsext_hostname != NULL) - ssl2_compat = 0; - if (s->tlsext_status_type != -1) - ssl2_compat = 0; -#ifdef TLSEXT_TYPE_opaque_prf_input - if (s->ctx->tlsext_opaque_prf_input_callback != 0 || s->tlsext_opaque_prf_input != NULL) - ssl2_compat = 0; -#endif - } -#endif - buf = (unsigned char *)s->init_buf->data; if (s->state == SSL23_ST_CW_CLNT_HELLO_A) { #if 0 @@ -373,9 +354,6 @@ ssl23_client_hello(SSL *s) } else if (version == SSL3_VERSION) { version_major = SSL3_VERSION_MAJOR; version_minor = SSL3_VERSION_MINOR; - } else if (version == SSL2_VERSION) { - version_major = SSL2_VERSION_MAJOR; - version_minor = SSL2_VERSION_MINOR; } else { SSLerr(SSL_F_SSL23_CLIENT_HELLO, SSL_R_NO_PROTOCOLS_AVAILABLE); return (-1); @@ -383,161 +361,112 @@ ssl23_client_hello(SSL *s) s->client_version = version; - if (ssl2_compat) { - /* create SSL 2.0 compatible Client Hello */ - - /* two byte record header will be written last */ - d = &(buf[2]); - p = d + 9; /* leave space for message type, version, individual length fields */ - - *(d++) = SSL2_MT_CLIENT_HELLO; - *(d++) = version_major; - *(d++) = version_minor; - - /* Ciphers supported */ - i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), p, 0); - if (i == 0) { - /* no ciphers */ - SSLerr(SSL_F_SSL23_CLIENT_HELLO, SSL_R_NO_CIPHERS_AVAILABLE); - return -1; - } - s2n(i, d); - p += i; - - /* put in the session-id length (zero since there is no reuse) */ -#if 0 - s->session->session_id_length = 0; -#endif - s2n(0, d); - - if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG) - ch_len = SSL2_CHALLENGE_LENGTH; - else - ch_len = SSL2_MAX_CHALLENGE_LENGTH; - - /* write out sslv2 challenge */ - /* Note that ch_len must be <= SSL3_RANDOM_SIZE (32), - because it is one of SSL2_MAX_CHALLENGE_LENGTH (32) - or SSL2_MAX_CHALLENGE_LENGTH (16), but leave the - check in for futurproofing */ - if (SSL3_RANDOM_SIZE < ch_len) - i = SSL3_RANDOM_SIZE; - else - i = ch_len; - s2n(i, d); - memset(&(s->s3->client_random[0]), 0, SSL3_RANDOM_SIZE); - if (RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE - i]), i) <= 0) - return -1; - - memcpy(p, &(s->s3->client_random[SSL3_RANDOM_SIZE - i]), i); - p += i; - - i = p- &(buf[2]); - buf[0] = ((i >> 8)&0xff)|0x80; - buf[1] = (i&0xff); - - /* number of bytes to write */ - s->init_num = i + 2; - s->init_off = 0; - - ssl3_finish_mac(s, &(buf[2]), i); - } else { - /* create Client Hello in SSL 3.0/TLS 1.0 format */ + /* create Client Hello in SSL 3.0/TLS 1.0 format */ - /* do the record header (5 bytes) and handshake message header (4 bytes) last */ - d = p = &(buf[9]); + /* + * Do the record header (5 bytes) and handshake + * message header (4 bytes) last + */ + d = p = &(buf[9]); - *(p++) = version_major; - *(p++) = version_minor; + *(p++) = version_major; + *(p++) = version_minor; - /* Random stuff */ - memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE); - p += SSL3_RANDOM_SIZE; + /* Random stuff */ + memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE); + p += SSL3_RANDOM_SIZE; - /* Session ID (zero since there is no reuse) */ - *(p++) = 0; + /* Session ID (zero since there is no reuse) */ + *(p++) = 0; - /* Ciphers supported (using SSL 3.0/TLS 1.0 format) */ - i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]), ssl3_put_cipher_by_char); - if (i == 0) { - SSLerr(SSL_F_SSL23_CLIENT_HELLO, SSL_R_NO_CIPHERS_AVAILABLE); - return -1; - } + /* Ciphers supported (using SSL 3.0/TLS 1.0 format) */ + i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]), + ssl3_put_cipher_by_char); + if (i == 0) { + SSLerr(SSL_F_SSL23_CLIENT_HELLO, + SSL_R_NO_CIPHERS_AVAILABLE); + return -1; + } #ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH - /* Some servers hang if client hello > 256 bytes - * as hack workaround chop number of supported ciphers - * to keep it well below this if we use TLS v1.2 - */ - if (TLS1_get_version(s) >= TLS1_2_VERSION && - i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH) - i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1; + /* + * Some servers hang if client hello > 256 bytes + * as hack workaround chop number of supported ciphers + * to keep it well below this if we use TLS v1.2 + */ + if (TLS1_get_version(s) >= TLS1_2_VERSION && + i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH) + i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1; #endif - s2n(i, p); - p += i; + s2n(i, p); + p += i; - /* COMPRESSION */ + /* COMPRESSION */ #ifdef OPENSSL_NO_COMP - *(p++) = 1; + *(p++) = 1; #else - if ((s->options & SSL_OP_NO_COMPRESSION) || - !s->ctx->comp_methods) - j = 0; - else - j = sk_SSL_COMP_num(s->ctx->comp_methods); - *(p++) = 1 + j; - for (i = 0; i < j; i++) { - comp = sk_SSL_COMP_value(s->ctx->comp_methods, i); - *(p++) = comp->id; - } + if ((s->options & SSL_OP_NO_COMPRESSION) || + !s->ctx->comp_methods) + j = 0; + else + j = sk_SSL_COMP_num(s->ctx->comp_methods); + *(p++) = 1 + j; + for (i = 0; i < j; i++) { + comp = sk_SSL_COMP_value(s->ctx->comp_methods, i); + *(p++) = comp->id; + } #endif - *(p++)=0; /* Add the NULL method */ + /* Add the NULL method */ + *(p++) = 0; #ifndef OPENSSL_NO_TLSEXT - /* TLS extensions*/ - if (ssl_prepare_clienthello_tlsext(s) <= 0) { - SSLerr(SSL_F_SSL23_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT); - return -1; - } - if ((p = ssl_add_clienthello_tlsext(s, p, buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) { - SSLerr(SSL_F_SSL23_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); - return -1; - } + /* TLS extensions*/ + if (ssl_prepare_clienthello_tlsext(s) <= 0) { + SSLerr(SSL_F_SSL23_CLIENT_HELLO, + SSL_R_CLIENTHELLO_TLSEXT); + return -1; + } + if ((p = ssl_add_clienthello_tlsext(s, p, + buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) { + SSLerr(SSL_F_SSL23_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); + return -1; + } #endif - l = p - d; - - /* fill in 4-byte handshake header */ - d = &(buf[5]); - *(d++) = SSL3_MT_CLIENT_HELLO; - l2n3(l, d); + l = p - d; - l += 4; + /* fill in 4-byte handshake header */ + d = &(buf[5]); + *(d++) = SSL3_MT_CLIENT_HELLO; + l2n3(l, d); - if (l > SSL3_RT_MAX_PLAIN_LENGTH) { - SSLerr(SSL_F_SSL23_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); - return -1; - } + l += 4; - /* fill in 5-byte record header */ - d = buf; - *(d++) = SSL3_RT_HANDSHAKE; - *(d++) = version_major; - /* Some servers hang if we use long client hellos - * and a record number > TLS 1.0. - */ - if (TLS1_get_client_version(s) > TLS1_VERSION) - *(d++) = 1; - else - *(d++) = version_minor; - s2n((int)l, d); - - /* number of bytes to write */ - s->init_num = p - buf; - s->init_off = 0; - - ssl3_finish_mac(s, &(buf[5]), s->init_num - 5); + if (l > SSL3_RT_MAX_PLAIN_LENGTH) { + SSLerr(SSL_F_SSL23_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); + return -1; } + /* fill in 5-byte record header */ + d = buf; + *(d++) = SSL3_RT_HANDSHAKE; + *(d++) = version_major; + + /* + * Some servers hang if we use long client hellos + * and a record number > TLS 1.0. + */ + if (TLS1_get_client_version(s) > TLS1_VERSION) + *(d++) = 1; + else + *(d++) = version_minor; + s2n((int)l, d); + + /* number of bytes to write */ + s->init_num = p - buf; + s->init_off = 0; + + ssl3_finish_mac(s, &(buf[5]), s->init_num - 5); + s->state = SSL23_ST_CW_CLNT_HELLO_B; s->init_off = 0; } @@ -548,10 +477,8 @@ ssl23_client_hello(SSL *s) if ((ret >= 2) && s->msg_callback) { /* Client Hello has been sent; tell msg_callback */ - if (ssl2_compat) - s->msg_callback(1, SSL2_VERSION, 0, s->init_buf->data + 2, ret - 2, s, s->msg_callback_arg); - else - s->msg_callback(1, version, SSL3_RT_HANDSHAKE, s->init_buf->data + 5, ret - 5, s, s->msg_callback_arg); + s->msg_callback(1, version, SSL3_RT_HANDSHAKE, + s->init_buf->data + 5, ret - 5, s, s->msg_callback_arg); } return ret; @@ -573,11 +500,15 @@ ssl23_get_server_hello(SSL *s) memcpy(buf, p, n); + /* Old unsupported sslv2 handshake */ if ((p[0] & 0x80) && (p[2] == SSL2_MT_SERVER_HELLO) && - (p[5] == 0x00) && (p[6] == 0x02)) { - SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_R_UNSUPPORTED_PROTOCOL); + (p[5] == 0x00) && (p[6] == 0x02)) { + SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, + SSL_R_UNSUPPORTED_PROTOCOL); goto err; - } else if (p[1] == SSL3_VERSION_MAJOR && + } + + if (p[1] == SSL3_VERSION_MAJOR && p[2] <= TLS1_2_VERSION_MINOR && ((p[0] == SSL3_RT_HANDSHAKE && p[5] == SSL3_MT_SERVER_HELLO) || (p[0] == SSL3_RT_ALERT && p[3] == 0 && p[4] == 2))) { @@ -600,13 +531,13 @@ ssl23_get_server_hello(SSL *s) s->version = TLS1_2_VERSION; s->method = TLSv1_2_client_method(); } else { - SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_R_UNSUPPORTED_PROTOCOL); + SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, + SSL_R_UNSUPPORTED_PROTOCOL); goto err; } if (p[0] == SSL3_RT_ALERT && p[5] != SSL3_AL_WARNING) { /* fatal alert */ - void (*cb)(const SSL *ssl, int type, int val) = NULL; int j; @@ -622,10 +553,12 @@ ssl23_get_server_hello(SSL *s) } if (s->msg_callback) - s->msg_callback(0, s->version, SSL3_RT_ALERT, p + 5, 2, s, s->msg_callback_arg); + s->msg_callback(0, s->version, SSL3_RT_ALERT, + p + 5, 2, s, s->msg_callback_arg); s->rwstate = SSL_NOTHING; - SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_AD_REASON_OFFSET + p[6]); + SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, + SSL_AD_REASON_OFFSET + p[6]); goto err; } @@ -654,8 +587,10 @@ ssl23_get_server_hello(SSL *s) } s->init_num = 0; - /* Since, if we are sending a ssl23 client hello, we are not - * reusing a session-id */ + /* + * Since, if we are sending a ssl23 client hello, we are not + * reusing a session-id + */ if (!ssl_get_new_session(s, 0)) goto err; diff --git a/lib/libssl/src/ssl/s23_srvr.c b/lib/libssl/src/ssl/s23_srvr.c index a6062667a0f..35651183b77 100644 --- a/lib/libssl/src/ssl/s23_srvr.c +++ b/lib/libssl/src/ssl/s23_srvr.c @@ -118,8 +118,8 @@ static const SSL_METHOD *ssl23_get_server_method(int ver); int ssl23_get_client_hello(SSL *s); -static const SSL_METHOD -*ssl23_get_server_method(int ver) +static const SSL_METHOD * +ssl23_get_server_method(int ver) { if (ver == SSL3_VERSION) return (SSLv3_server_method()); @@ -402,7 +402,8 @@ ssl23_get_client_hello(SSL *s) ssl3_finish_mac(s, s->packet + 2, s->packet_length - 2); if (s->msg_callback) - s->msg_callback(0, SSL2_VERSION, 0, s->packet + 2, s->packet_length-2, s, s->msg_callback_arg); /* CLIENT-HELLO */ + s->msg_callback(0, SSL2_VERSION, 0, s->packet + 2, + s->packet_length-2, s, s->msg_callback_arg); p = s->packet; p += 5; @@ -410,11 +411,15 @@ ssl23_get_client_hello(SSL *s) n2s(p, sil); n2s(p, cl); d = (unsigned char *)s->init_buf->data; - if ((csl + sil + cl + 11) != s->packet_length) /* We can't have TLS extensions in SSL 2.0 format - * Client Hello, can we ? Error condition should be - * '>' otherweise */ + if ((csl + sil + cl + 11) != s->packet_length) { - SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_RECORD_LENGTH_MISMATCH); + /* + * We can't have TLS extensions in SSL 2.0 format + * Client Hello, can we ? Error condition should be + * '>' otherwise + */ + SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, + SSL_R_RECORD_LENGTH_MISMATCH); goto err; } diff --git a/lib/libssl/src/ssl/ssl_asn1.c b/lib/libssl/src/ssl/ssl_asn1.c index 51668db7859..28e295f6a44 100644 --- a/lib/libssl/src/ssl/ssl_asn1.c +++ b/lib/libssl/src/ssl/ssl_asn1.c @@ -165,16 +165,9 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) l = in->cipher_id; else l = in->cipher->id; - if (in->ssl_version == SSL2_VERSION) { - a.cipher.length = 3; - buf[0] = ((unsigned char)(l >> 16L))&0xff; - buf[1] = ((unsigned char)(l >> 8L))&0xff; - buf[2] = ((unsigned char)(l ))&0xff; - } else { - a.cipher.length = 2; - buf[0] = ((unsigned char)(l >> 8L))&0xff; - buf[1] = ((unsigned char)(l ))&0xff; - } + a.cipher.length = 2; + buf[0] = ((unsigned char)(l >> 8L))&0xff; + buf[1] = ((unsigned char)(l ))&0xff; #ifndef OPENSSL_NO_COMP if (in->compress_meth) { @@ -400,16 +393,7 @@ long length) os.data = NULL; os.length = 0; M_ASN1_D2I_get_x(ASN1_OCTET_STRING, osp, d2i_ASN1_OCTET_STRING); - if (ssl_version == SSL2_VERSION) { - if (os.length != 3) { - c.error = SSL_R_CIPHER_CODE_WRONG_LENGTH; - goto err; - } - id = 0x02000000L| - ((unsigned long)os.data[0]<<16L)| - ((unsigned long)os.data[1]<< 8L)| - (unsigned long)os.data[2]; - } else if ((ssl_version >> 8) >= SSL3_VERSION_MAJOR) { + if ((ssl_version >> 8) >= SSL3_VERSION_MAJOR) { if (os.length != 2) { c.error = SSL_R_CIPHER_CODE_WRONG_LENGTH; goto err; @@ -426,10 +410,7 @@ long length) ret->cipher_id = id; M_ASN1_D2I_get_x(ASN1_OCTET_STRING, osp, d2i_ASN1_OCTET_STRING); - if ((ssl_version >> 8) >= SSL3_VERSION_MAJOR) - i = SSL3_MAX_SSL_SESSION_ID_LENGTH; - else /* if (ssl_version>>8 == SSL2_VERSION_MAJOR) */ - i = SSL2_MAX_SSL_SESSION_ID_LENGTH; + i = SSL3_MAX_SSL_SESSION_ID_LENGTH; if (os.length > i) os.length = i; diff --git a/lib/libssl/src/ssl/ssl_lib.c b/lib/libssl/src/ssl/ssl_lib.c index b5ba0f4aac5..a0882e45215 100644 --- a/lib/libssl/src/ssl/ssl_lib.c +++ b/lib/libssl/src/ssl/ssl_lib.c @@ -250,7 +250,7 @@ SSL_clear(SSL *s) return (1); } -/** Used to change an SSL_CTXs default SSL method type */ +/* Used to change an SSL_CTXs default SSL method type */ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) { @@ -259,8 +259,7 @@ SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) ctx->method = meth; sk = ssl_create_cipher_list(ctx->method, &(ctx->cipher_list), - &(ctx->cipher_list_by_id), - meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST); + &(ctx->cipher_list_by_id), SSL_DEFAULT_CIPHER_LIST); if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) { SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); return (0); @@ -437,11 +436,13 @@ int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, unsigned int id_len) { - /* A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how - * we can "construct" a session to give us the desired check - ie. to - * find if there's a session in the hash table that would conflict with - * any new session built out of this id/id_len and the ssl_version in - * use by this SSL. */ + /* + * A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp + * shows how we can "construct" a session to give us the desired + * check - ie. to find if there's a session in the hash table + * that would conflict with any new session built out of this + * id/id_len and the ssl_version in use by this SSL. + */ SSL_SESSION r, *p; if (id_len > sizeof r.session_id) @@ -450,16 +451,6 @@ SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, r.ssl_version = ssl->version; r.session_id_length = id_len; memcpy(r.session_id, id, id_len); - /* NB: SSLv2 always uses a fixed 16-byte session ID, so even if a - * callback is calling us to check the uniqueness of a shorter ID, it - * must be compared as a padded-out ID because that is what it will be - * converted to when the callback has finished choosing it. */ - if ((r.ssl_version == SSL2_VERSION) && - (id_len < SSL2_SSL_SESSION_ID_LENGTH)) { - memset(r.session_id + id_len, 0, - SSL2_SSL_SESSION_ID_LENGTH - id_len); - r.session_id_length = SSL2_SSL_SESSION_ID_LENGTH; - } CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r); @@ -1777,11 +1768,10 @@ SSL_CTX if (ret->cert_store == NULL) goto err; - ssl_create_cipher_list(ret->method, - &ret->cipher_list, &ret->cipher_list_by_id, - meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST); - if (ret->cipher_list == NULL - || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) { + ssl_create_cipher_list(ret->method, &ret->cipher_list, + &ret->cipher_list_by_id, SSL_DEFAULT_CIPHER_LIST); + if (ret->cipher_list == NULL || + sk_SSL_CIPHER_num(ret->cipher_list) <= 0) { SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS); goto err2; } @@ -1790,10 +1780,6 @@ SSL_CTX if (!ret->param) goto err; - if ((ret->rsa_md5 = EVP_get_digestbyname("ssl2-md5")) == NULL) { - SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES); - goto err2; - } if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) { SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES); goto err2; @@ -2483,15 +2469,16 @@ SSL_get_error(const SSL *s, int i) if (BIO_should_read(bio)) return (SSL_ERROR_WANT_READ); else if (BIO_should_write(bio)) - /* This one doesn't make too much sense ... We never try - * to write to the rbio, and an application program where - * rbio and wbio are separate couldn't even know what it - * should wait for. - * However if we ever set s->rwstate incorrectly - * (so that we have SSL_want_read(s) instead of - * SSL_want_write(s)) and rbio and wbio *are* the same, - * this test works around that bug; so it might be safer - * to keep it. */ + /* + * This one doesn't make too much sense... We never + * try to write to the rbio, and an application + * program where rbio and wbio are separate couldn't + * even know what it should wait for. However if we + * ever set s->rwstate incorrectly (so that we have + * SSL_want_read(s) instead of SSL_want_write(s)) + * and rbio and wbio *are* the same, this test works + * around that bug; so it might be safer to keep it. + */ return (SSL_ERROR_WANT_WRITE); else if (BIO_should_io_special(bio)) { reason = BIO_get_retry_reason(bio); @@ -2526,14 +2513,9 @@ SSL_get_error(const SSL *s, int i) } if (i == 0) { - if (s->version == SSL2_VERSION) { - /* assume it is the socket being closed */ - return (SSL_ERROR_ZERO_RETURN); - } else { - if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) && - (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY)) - return (SSL_ERROR_ZERO_RETURN); - } + if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) && + (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY)) + return (SSL_ERROR_ZERO_RETURN); } return (SSL_ERROR_SYSCALL); } @@ -2605,15 +2587,15 @@ ssl_undefined_const_function(const SSL *s) return (0); } -SSL_METHOD -*ssl_bad_method(int ver) +SSL_METHOD * +ssl_bad_method(int ver) { SSLerr(SSL_F_SSL_BAD_METHOD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return (NULL); } -const char -*SSL_get_version(const SSL *s) +const char * +SSL_get_version(const SSL *s) { if (s->version == TLS1_2_VERSION) return("TLSv1.2"); @@ -2623,14 +2605,12 @@ const char return("TLSv1"); else if (s->version == SSL3_VERSION) return("SSLv3"); - else if (s->version == SSL2_VERSION) - return("SSLv2"); else return("unknown"); } -SSL -*SSL_dup(SSL *s) +SSL * +SSL_dup(SSL *s) { STACK_OF(X509_NAME) *sk; X509_NAME *xn; diff --git a/lib/libssl/src/ssl/ssl_locl.h b/lib/libssl/src/ssl/ssl_locl.h index 203a47480f8..e9c3a6bcd85 100644 --- a/lib/libssl/src/ssl/ssl_locl.h +++ b/lib/libssl/src/ssl/ssl_locl.h @@ -521,7 +521,7 @@ typedef struct cert_st { typedef struct sess_cert_st { - STACK_OF(X509) *cert_chain; /* as received from peer (not for SSL2) */ + STACK_OF(X509) *cert_chain; /* as received from peer */ /* The 'peer_...' members are used only by clients. */ int peer_cert_type; @@ -731,43 +731,6 @@ const SSL_METHOD *func_name(void) \ return &func_name##_data; \ } -#define IMPLEMENT_ssl2_meth_func(func_name, s_accept, s_connect, s_get_meth) \ -const SSL_METHOD *func_name(void) \ - { \ - static const SSL_METHOD func_name##_data= { \ - SSL2_VERSION, \ - ssl2_new, /* local */ \ - ssl2_clear, /* local */ \ - ssl2_free, /* local */ \ - s_accept, \ - s_connect, \ - ssl2_read, \ - ssl2_peek, \ - ssl2_write, \ - ssl2_shutdown, \ - ssl_ok, /* NULL - renegotiate */ \ - ssl_ok, /* NULL - check renegotiate */ \ - NULL, /* NULL - ssl_get_message */ \ - NULL, /* NULL - ssl_get_record */ \ - NULL, /* NULL - ssl_write_bytes */ \ - NULL, /* NULL - dispatch_alert */ \ - ssl2_ctrl, /* local */ \ - ssl2_ctx_ctrl, /* local */ \ - ssl2_get_cipher_by_char, \ - ssl2_put_cipher_by_char, \ - ssl2_pending, \ - ssl2_num_ciphers, \ - ssl2_get_cipher, \ - s_get_meth, \ - ssl2_default_timeout, \ - &ssl3_undef_enc_method, \ - ssl_undefined_void_function, \ - ssl2_callback_ctrl, /* local */ \ - ssl2_ctx_callback_ctrl, /* local */ \ - }; \ - return &func_name##_data; \ - } - #define IMPLEMENT_dtls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \ const SSL_METHOD *func_name(void) \ { \ diff --git a/lib/libssl/src/ssl/ssl_sess.c b/lib/libssl/src/ssl/ssl_sess.c index b29115862b9..0b1c655820d 100644 --- a/lib/libssl/src/ssl/ssl_sess.c +++ b/lib/libssl/src/ssl/ssl_sess.c @@ -301,29 +301,19 @@ ssl_get_new_session(SSL *s, int session) } if (session) { - if (s->version == SSL2_VERSION) { - ss->ssl_version = SSL2_VERSION; - ss->session_id_length = SSL2_SSL_SESSION_ID_LENGTH; - } else if (s->version == SSL3_VERSION) { - ss->ssl_version = SSL3_VERSION; + switch (s->version) { + case SSL3_VERSION: + case TLS1_VERSION: + case TLS1_1_VERSION: + case TLS1_2_VERSION: + case DTLS1_BAD_VER: + case DTLS1_VERSION: + ss->ssl_version = s->version; ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; - } else if (s->version == TLS1_VERSION) { - ss->ssl_version = TLS1_VERSION; - ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; - } else if (s->version == TLS1_1_VERSION) { - ss->ssl_version = TLS1_1_VERSION; - ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; - } else if (s->version == TLS1_2_VERSION) { - ss->ssl_version = TLS1_2_VERSION; - ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; - } else if (s->version == DTLS1_BAD_VER) { - ss->ssl_version = DTLS1_BAD_VER; - ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; - } else if (s->version == DTLS1_VERSION) { - ss->ssl_version = DTLS1_VERSION; - ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; - } else { - SSLerr(SSL_F_SSL_GET_NEW_SESSION, SSL_R_UNSUPPORTED_SSL_VERSION); + break; + default: + SSLerr(SSL_F_SSL_GET_NEW_SESSION, + SSL_R_UNSUPPORTED_SSL_VERSION); SSL_SESSION_free(ss); return (0); } @@ -359,11 +349,7 @@ ssl_get_new_session(SSL *s, int session) SSL_SESSION_free(ss); return (0); } - /* If the session length was shrunk and we're SSLv2, pad it */ - if ((tmp < ss->session_id_length) && (s->version == SSL2_VERSION)) - memset(ss->session_id + tmp, 0, ss->session_id_length - tmp); - else - ss->session_id_length = tmp; + ss->session_id_length = tmp; /* Finally, check for a conflict */ if (SSL_has_matching_session_id(s, ss->session_id, ss->session_id_length)) { diff --git a/lib/libssl/src/ssl/ssl_txt.c b/lib/libssl/src/ssl/ssl_txt.c index 5186e396ecd..91664ffe432 100644 --- a/lib/libssl/src/ssl/ssl_txt.c +++ b/lib/libssl/src/ssl/ssl_txt.c @@ -114,9 +114,7 @@ SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) goto err; if (BIO_puts(bp, "SSL-Session:\n") <= 0) goto err; - if (x->ssl_version == SSL2_VERSION) - s="SSLv2"; - else if (x->ssl_version == SSL3_VERSION) + if (x->ssl_version == SSL3_VERSION) s="SSLv3"; else if (x->ssl_version == TLS1_2_VERSION) s="TLSv1.2"; diff --git a/lib/libssl/ssl_asn1.c b/lib/libssl/ssl_asn1.c index 51668db7859..28e295f6a44 100644 --- a/lib/libssl/ssl_asn1.c +++ b/lib/libssl/ssl_asn1.c @@ -165,16 +165,9 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) l = in->cipher_id; else l = in->cipher->id; - if (in->ssl_version == SSL2_VERSION) { - a.cipher.length = 3; - buf[0] = ((unsigned char)(l >> 16L))&0xff; - buf[1] = ((unsigned char)(l >> 8L))&0xff; - buf[2] = ((unsigned char)(l ))&0xff; - } else { - a.cipher.length = 2; - buf[0] = ((unsigned char)(l >> 8L))&0xff; - buf[1] = ((unsigned char)(l ))&0xff; - } + a.cipher.length = 2; + buf[0] = ((unsigned char)(l >> 8L))&0xff; + buf[1] = ((unsigned char)(l ))&0xff; #ifndef OPENSSL_NO_COMP if (in->compress_meth) { @@ -400,16 +393,7 @@ long length) os.data = NULL; os.length = 0; M_ASN1_D2I_get_x(ASN1_OCTET_STRING, osp, d2i_ASN1_OCTET_STRING); - if (ssl_version == SSL2_VERSION) { - if (os.length != 3) { - c.error = SSL_R_CIPHER_CODE_WRONG_LENGTH; - goto err; - } - id = 0x02000000L| - ((unsigned long)os.data[0]<<16L)| - ((unsigned long)os.data[1]<< 8L)| - (unsigned long)os.data[2]; - } else if ((ssl_version >> 8) >= SSL3_VERSION_MAJOR) { + if ((ssl_version >> 8) >= SSL3_VERSION_MAJOR) { if (os.length != 2) { c.error = SSL_R_CIPHER_CODE_WRONG_LENGTH; goto err; @@ -426,10 +410,7 @@ long length) ret->cipher_id = id; M_ASN1_D2I_get_x(ASN1_OCTET_STRING, osp, d2i_ASN1_OCTET_STRING); - if ((ssl_version >> 8) >= SSL3_VERSION_MAJOR) - i = SSL3_MAX_SSL_SESSION_ID_LENGTH; - else /* if (ssl_version>>8 == SSL2_VERSION_MAJOR) */ - i = SSL2_MAX_SSL_SESSION_ID_LENGTH; + i = SSL3_MAX_SSL_SESSION_ID_LENGTH; if (os.length > i) os.length = i; diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c index b5ba0f4aac5..a0882e45215 100644 --- a/lib/libssl/ssl_lib.c +++ b/lib/libssl/ssl_lib.c @@ -250,7 +250,7 @@ SSL_clear(SSL *s) return (1); } -/** Used to change an SSL_CTXs default SSL method type */ +/* Used to change an SSL_CTXs default SSL method type */ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) { @@ -259,8 +259,7 @@ SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) ctx->method = meth; sk = ssl_create_cipher_list(ctx->method, &(ctx->cipher_list), - &(ctx->cipher_list_by_id), - meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST); + &(ctx->cipher_list_by_id), SSL_DEFAULT_CIPHER_LIST); if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) { SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); return (0); @@ -437,11 +436,13 @@ int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, unsigned int id_len) { - /* A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how - * we can "construct" a session to give us the desired check - ie. to - * find if there's a session in the hash table that would conflict with - * any new session built out of this id/id_len and the ssl_version in - * use by this SSL. */ + /* + * A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp + * shows how we can "construct" a session to give us the desired + * check - ie. to find if there's a session in the hash table + * that would conflict with any new session built out of this + * id/id_len and the ssl_version in use by this SSL. + */ SSL_SESSION r, *p; if (id_len > sizeof r.session_id) @@ -450,16 +451,6 @@ SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, r.ssl_version = ssl->version; r.session_id_length = id_len; memcpy(r.session_id, id, id_len); - /* NB: SSLv2 always uses a fixed 16-byte session ID, so even if a - * callback is calling us to check the uniqueness of a shorter ID, it - * must be compared as a padded-out ID because that is what it will be - * converted to when the callback has finished choosing it. */ - if ((r.ssl_version == SSL2_VERSION) && - (id_len < SSL2_SSL_SESSION_ID_LENGTH)) { - memset(r.session_id + id_len, 0, - SSL2_SSL_SESSION_ID_LENGTH - id_len); - r.session_id_length = SSL2_SSL_SESSION_ID_LENGTH; - } CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r); @@ -1777,11 +1768,10 @@ SSL_CTX if (ret->cert_store == NULL) goto err; - ssl_create_cipher_list(ret->method, - &ret->cipher_list, &ret->cipher_list_by_id, - meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST); - if (ret->cipher_list == NULL - || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) { + ssl_create_cipher_list(ret->method, &ret->cipher_list, + &ret->cipher_list_by_id, SSL_DEFAULT_CIPHER_LIST); + if (ret->cipher_list == NULL || + sk_SSL_CIPHER_num(ret->cipher_list) <= 0) { SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS); goto err2; } @@ -1790,10 +1780,6 @@ SSL_CTX if (!ret->param) goto err; - if ((ret->rsa_md5 = EVP_get_digestbyname("ssl2-md5")) == NULL) { - SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES); - goto err2; - } if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) { SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES); goto err2; @@ -2483,15 +2469,16 @@ SSL_get_error(const SSL *s, int i) if (BIO_should_read(bio)) return (SSL_ERROR_WANT_READ); else if (BIO_should_write(bio)) - /* This one doesn't make too much sense ... We never try - * to write to the rbio, and an application program where - * rbio and wbio are separate couldn't even know what it - * should wait for. - * However if we ever set s->rwstate incorrectly - * (so that we have SSL_want_read(s) instead of - * SSL_want_write(s)) and rbio and wbio *are* the same, - * this test works around that bug; so it might be safer - * to keep it. */ + /* + * This one doesn't make too much sense... We never + * try to write to the rbio, and an application + * program where rbio and wbio are separate couldn't + * even know what it should wait for. However if we + * ever set s->rwstate incorrectly (so that we have + * SSL_want_read(s) instead of SSL_want_write(s)) + * and rbio and wbio *are* the same, this test works + * around that bug; so it might be safer to keep it. + */ return (SSL_ERROR_WANT_WRITE); else if (BIO_should_io_special(bio)) { reason = BIO_get_retry_reason(bio); @@ -2526,14 +2513,9 @@ SSL_get_error(const SSL *s, int i) } if (i == 0) { - if (s->version == SSL2_VERSION) { - /* assume it is the socket being closed */ - return (SSL_ERROR_ZERO_RETURN); - } else { - if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) && - (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY)) - return (SSL_ERROR_ZERO_RETURN); - } + if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) && + (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY)) + return (SSL_ERROR_ZERO_RETURN); } return (SSL_ERROR_SYSCALL); } @@ -2605,15 +2587,15 @@ ssl_undefined_const_function(const SSL *s) return (0); } -SSL_METHOD -*ssl_bad_method(int ver) +SSL_METHOD * +ssl_bad_method(int ver) { SSLerr(SSL_F_SSL_BAD_METHOD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return (NULL); } -const char -*SSL_get_version(const SSL *s) +const char * +SSL_get_version(const SSL *s) { if (s->version == TLS1_2_VERSION) return("TLSv1.2"); @@ -2623,14 +2605,12 @@ const char return("TLSv1"); else if (s->version == SSL3_VERSION) return("SSLv3"); - else if (s->version == SSL2_VERSION) - return("SSLv2"); else return("unknown"); } -SSL -*SSL_dup(SSL *s) +SSL * +SSL_dup(SSL *s) { STACK_OF(X509_NAME) *sk; X509_NAME *xn; diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h index 203a47480f8..e9c3a6bcd85 100644 --- a/lib/libssl/ssl_locl.h +++ b/lib/libssl/ssl_locl.h @@ -521,7 +521,7 @@ typedef struct cert_st { typedef struct sess_cert_st { - STACK_OF(X509) *cert_chain; /* as received from peer (not for SSL2) */ + STACK_OF(X509) *cert_chain; /* as received from peer */ /* The 'peer_...' members are used only by clients. */ int peer_cert_type; @@ -731,43 +731,6 @@ const SSL_METHOD *func_name(void) \ return &func_name##_data; \ } -#define IMPLEMENT_ssl2_meth_func(func_name, s_accept, s_connect, s_get_meth) \ -const SSL_METHOD *func_name(void) \ - { \ - static const SSL_METHOD func_name##_data= { \ - SSL2_VERSION, \ - ssl2_new, /* local */ \ - ssl2_clear, /* local */ \ - ssl2_free, /* local */ \ - s_accept, \ - s_connect, \ - ssl2_read, \ - ssl2_peek, \ - ssl2_write, \ - ssl2_shutdown, \ - ssl_ok, /* NULL - renegotiate */ \ - ssl_ok, /* NULL - check renegotiate */ \ - NULL, /* NULL - ssl_get_message */ \ - NULL, /* NULL - ssl_get_record */ \ - NULL, /* NULL - ssl_write_bytes */ \ - NULL, /* NULL - dispatch_alert */ \ - ssl2_ctrl, /* local */ \ - ssl2_ctx_ctrl, /* local */ \ - ssl2_get_cipher_by_char, \ - ssl2_put_cipher_by_char, \ - ssl2_pending, \ - ssl2_num_ciphers, \ - ssl2_get_cipher, \ - s_get_meth, \ - ssl2_default_timeout, \ - &ssl3_undef_enc_method, \ - ssl_undefined_void_function, \ - ssl2_callback_ctrl, /* local */ \ - ssl2_ctx_callback_ctrl, /* local */ \ - }; \ - return &func_name##_data; \ - } - #define IMPLEMENT_dtls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \ const SSL_METHOD *func_name(void) \ { \ diff --git a/lib/libssl/ssl_sess.c b/lib/libssl/ssl_sess.c index b29115862b9..0b1c655820d 100644 --- a/lib/libssl/ssl_sess.c +++ b/lib/libssl/ssl_sess.c @@ -301,29 +301,19 @@ ssl_get_new_session(SSL *s, int session) } if (session) { - if (s->version == SSL2_VERSION) { - ss->ssl_version = SSL2_VERSION; - ss->session_id_length = SSL2_SSL_SESSION_ID_LENGTH; - } else if (s->version == SSL3_VERSION) { - ss->ssl_version = SSL3_VERSION; + switch (s->version) { + case SSL3_VERSION: + case TLS1_VERSION: + case TLS1_1_VERSION: + case TLS1_2_VERSION: + case DTLS1_BAD_VER: + case DTLS1_VERSION: + ss->ssl_version = s->version; ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; - } else if (s->version == TLS1_VERSION) { - ss->ssl_version = TLS1_VERSION; - ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; - } else if (s->version == TLS1_1_VERSION) { - ss->ssl_version = TLS1_1_VERSION; - ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; - } else if (s->version == TLS1_2_VERSION) { - ss->ssl_version = TLS1_2_VERSION; - ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; - } else if (s->version == DTLS1_BAD_VER) { - ss->ssl_version = DTLS1_BAD_VER; - ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; - } else if (s->version == DTLS1_VERSION) { - ss->ssl_version = DTLS1_VERSION; - ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; - } else { - SSLerr(SSL_F_SSL_GET_NEW_SESSION, SSL_R_UNSUPPORTED_SSL_VERSION); + break; + default: + SSLerr(SSL_F_SSL_GET_NEW_SESSION, + SSL_R_UNSUPPORTED_SSL_VERSION); SSL_SESSION_free(ss); return (0); } @@ -359,11 +349,7 @@ ssl_get_new_session(SSL *s, int session) SSL_SESSION_free(ss); return (0); } - /* If the session length was shrunk and we're SSLv2, pad it */ - if ((tmp < ss->session_id_length) && (s->version == SSL2_VERSION)) - memset(ss->session_id + tmp, 0, ss->session_id_length - tmp); - else - ss->session_id_length = tmp; + ss->session_id_length = tmp; /* Finally, check for a conflict */ if (SSL_has_matching_session_id(s, ss->session_id, ss->session_id_length)) { diff --git a/lib/libssl/ssl_txt.c b/lib/libssl/ssl_txt.c index 5186e396ecd..91664ffe432 100644 --- a/lib/libssl/ssl_txt.c +++ b/lib/libssl/ssl_txt.c @@ -114,9 +114,7 @@ SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) goto err; if (BIO_puts(bp, "SSL-Session:\n") <= 0) goto err; - if (x->ssl_version == SSL2_VERSION) - s="SSLv2"; - else if (x->ssl_version == SSL3_VERSION) + if (x->ssl_version == SSL3_VERSION) s="SSLv3"; else if (x->ssl_version == TLS1_2_VERSION) s="TLSv1.2"; -- 2.20.1