projects
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Fix ssl3_get_message handle message fragmentation correctly.
[openssl.git]
/
ssl
/
s23_clnt.c
diff --git
a/ssl/s23_clnt.c
b/ssl/s23_clnt.c
index fc263d1e23ef387b0e4a856792a671b83c16e28b..1eafb4b446358939396f1e6a9c84845573690f89 100644
(file)
--- a/
ssl/s23_clnt.c
+++ b/
ssl/s23_clnt.c
@@
-68,9
+68,11
@@
static int ssl23_client_hello(SSL *s);
static int ssl23_get_server_hello(SSL *s);
static SSL_METHOD *ssl23_get_client_method(int ver)
{
static int ssl23_get_server_hello(SSL *s);
static SSL_METHOD *ssl23_get_client_method(int ver)
{
+#ifndef OPENSSL_NO_SSL2
if (ver == SSL2_VERSION)
return(SSLv2_client_method());
if (ver == SSL2_VERSION)
return(SSLv2_client_method());
- else if (ver == SSL3_VERSION)
+#endif
+ if (ver == SSL3_VERSION)
return(SSLv3_client_method());
else if (ver == TLS1_VERSION)
return(TLSv1_client_method());
return(SSLv3_client_method());
else if (ver == TLS1_VERSION)
return(TLSv1_client_method());
@@
-102,7
+104,7
@@
int ssl23_connect(SSL *s)
int ret= -1;
int new_state,state;
int ret= -1;
int new_state,state;
- RAND_
seed(&Time,sizeof(Time)
);
+ RAND_
add(&Time,sizeof(Time),0
);
ERR_clear_error();
clear_sys_error();
ERR_clear_error();
clear_sys_error();
@@
-186,7
+188,7
@@
int ssl23_connect(SSL *s)
/* break; */
}
/* break; */
}
- if (s->debug)
BIO_flush(s->wbio);
+ if (s->debug)
{ (void)BIO_flush(s->wbio); }
if ((cb != NULL) && (s->state != state))
{
if ((cb != NULL) && (s->state != state))
{
@@
-222,7
+224,7
@@
static int ssl23_client_hello(SSL *s)
#endif
p=s->s3->client_random;
#endif
p=s->s3->client_random;
- RAND_bytes(p,SSL3_RANDOM_SIZE);
+ RAND_
pseudo_
bytes(p,SSL3_RANDOM_SIZE);
/* Do the message type and length last */
d= &(buf[2]);
/* Do the message type and length last */
d= &(buf[2]);
@@
-283,7
+285,7
@@
static int ssl23_client_hello(SSL *s)
i=ch_len;
s2n(i,d);
memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE);
i=ch_len;
s2n(i,d);
memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE);
- RAND_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
+ RAND_
pseudo_
bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
p+=i;
memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
p+=i;
@@
-307,7
+309,7
@@
static int ssl23_get_server_hello(SSL *s)
{
char buf[8];
unsigned char *p;
{
char buf[8];
unsigned char *p;
- int i
,ch_len
;
+ int i;
int n;
n=ssl23_read_bytes(s,7);
int n;
n=ssl23_read_bytes(s,7);
@@
-320,9
+322,14
@@
static int ssl23_get_server_hello(SSL *s)
if ((p[0] & 0x80) && (p[2] == SSL2_MT_SERVER_HELLO) &&
(p[5] == 0x00) && (p[6] == 0x02))
{
if ((p[0] & 0x80) && (p[2] == SSL2_MT_SERVER_HELLO) &&
(p[5] == 0x00) && (p[6] == 0x02))
{
+#ifdef OPENSSL_NO_SSL2
+ SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
+ goto err;
+#else
/* we are talking sslv2 */
/* we need to clean up the SSLv3 setup and put in the
* sslv2 stuff. */
/* we are talking sslv2 */
/* we need to clean up the SSLv3 setup and put in the
* sslv2 stuff. */
+ int ch_len;
if (s->options & SSL_OP_NO_SSLv2)
{
if (s->options & SSL_OP_NO_SSLv2)
{
@@
-359,7
+366,9
@@
static int ssl23_get_server_hello(SSL *s)
}
s->state=SSL2_ST_GET_SERVER_HELLO_A;
}
s->state=SSL2_ST_GET_SERVER_HELLO_A;
- s->s2->ssl2_rollback=1;
+ if (!(s->client_version == SSL2_VERSION))
+ /* use special padding (SSL 3.0 draft/RFC 2246, App. E.2) */
+ s->s2->ssl2_rollback=1;
/* setup the 5 bytes we have read so we get them from
* the sslv2 buffer */
/* setup the 5 bytes we have read so we get them from
* the sslv2 buffer */
@@
-375,6
+384,7
@@
static int ssl23_get_server_hello(SSL *s)
s->method=SSLv2_client_method();
s->handshake_func=s->method->ssl_connect;
s->method=SSLv2_client_method();
s->handshake_func=s->method->ssl_connect;
+#endif
}
else if ((p[0] == SSL3_RT_HANDSHAKE) &&
(p[1] == SSL3_VERSION_MAJOR) &&
}
else if ((p[0] == SSL3_RT_HANDSHAKE) &&
(p[1] == SSL3_VERSION_MAJOR) &&