- {
- char buf_space[11]; /* Request this many bytes in initial read.
- * We can detect SSL 3.0/TLS 1.0 Client Hellos
- * ('type == 3') correctly only when the following
- * is in a single record, which is not guaranteed by
- * the protocol specification:
- * Byte Content
- * 0 type \
- * 1/2 version > record header
- * 3/4 length /
- * 5 msg_type \
- * 6-8 length > Client Hello message
- * 9/10 client_version /
- */
- char *buf= &(buf_space[0]);
- unsigned char *p,*d,*d_len,*dd;
- unsigned int i;
- unsigned int csl,sil,cl;
- int n=0,j;
- int type=0;
- int v[2];
-
- if (s->state == SSL23_ST_SR_CLNT_HELLO_A)
- {
- /* read the initial header */
- v[0]=v[1]=0;
-
- if (!ssl3_setup_buffers(s)) goto err;
-
- n=ssl23_read_bytes(s, sizeof buf_space);
- if (n != sizeof buf_space) return(n); /* n == -1 || n == 0 */
-
- p=s->packet;
-
- memcpy(buf,p,n);
-
- if ((p[0] & 0x80) && (p[2] == SSL2_MT_CLIENT_HELLO))
- {
- /*
- * SSLv2 header
- */
- if ((p[3] == 0x00) && (p[4] == 0x02))
- {
- v[0]=p[3]; v[1]=p[4];
- /* SSLv2 */
- if (!(s->options & SSL_OP_NO_SSLv2))
- type=1;
- }
- else if (p[3] == SSL3_VERSION_MAJOR)
- {
- v[0]=p[3]; v[1]=p[4];
- /* SSLv3/TLSv1 */
- if (p[4] >= TLS1_VERSION_MINOR)
- {
- if (!(s->options & SSL_OP_NO_TLSv1))
- {
- s->version=TLS1_VERSION;
- /* type=2; */ /* done later to survive restarts */
- s->state=SSL23_ST_SR_CLNT_HELLO_B;
- }
- else if (!(s->options & SSL_OP_NO_SSLv3))
- {
- s->version=SSL3_VERSION;
- /* type=2; */
- s->state=SSL23_ST_SR_CLNT_HELLO_B;
- }
- else if (!(s->options & SSL_OP_NO_SSLv2))
- {
- type=1;
- }
- }
- else if (!(s->options & SSL_OP_NO_SSLv3))
- {
- s->version=SSL3_VERSION;
- /* type=2; */
- s->state=SSL23_ST_SR_CLNT_HELLO_B;
- }
- else if (!(s->options & SSL_OP_NO_SSLv2))
- type=1;
-
- }
- }
- else if ((p[0] == SSL3_RT_HANDSHAKE) &&
- (p[1] == SSL3_VERSION_MAJOR) &&
- (p[5] == SSL3_MT_CLIENT_HELLO) &&
- ((p[3] == 0 && p[4] < 5 /* silly record length? */)
- || (p[9] >= p[1])))
- {
- /*
- * SSLv3 or tls1 header
- */
-
- v[0]=p[1]; /* major version (= SSL3_VERSION_MAJOR) */
- /* We must look at client_version inside the Client Hello message
- * to get the correct minor version.
- * However if we have only a pathologically small fragment of the
- * Client Hello message, this would be difficult, and we'd have
- * to read more records to find out.
- * No known SSL 3.0 client fragments ClientHello like this,
- * so we simply reject such connections to avoid
- * protocol version downgrade attacks. */
- if (p[3] == 0 && p[4] < 6)
- {
- SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_SMALL);
- goto err;
- }
- /* if major version number > 3 set minor to a value
- * which will use the highest version 3 we support.
- * If TLS 2.0 ever appears we will need to revise
- * this....
- */
- if (p[9] > SSL3_VERSION_MAJOR)
- v[1]=0xff;
- else
- v[1]=p[10]; /* minor version according to client_version */
- if (v[1] >= TLS1_VERSION_MINOR)
- {
- if (!(s->options & SSL_OP_NO_TLSv1))
- {
- s->version=TLS1_VERSION;
- type=3;
- }
- else if (!(s->options & SSL_OP_NO_SSLv3))
- {
- s->version=SSL3_VERSION;
- type=3;
- }
- }
- else
- {
- /* client requests SSL 3.0 */
- if (!(s->options & SSL_OP_NO_SSLv3))
- {
- s->version=SSL3_VERSION;
- type=3;
- }
- else if (!(s->options & SSL_OP_NO_TLSv1))
- {
- /* we won't be able to use TLS of course,
- * but this will send an appropriate alert */
- s->version=TLS1_VERSION;
- type=3;
- }
- }
- }
- else if ((strncmp("GET ", (char *)p,4) == 0) ||
- (strncmp("POST ",(char *)p,5) == 0) ||
- (strncmp("HEAD ",(char *)p,5) == 0) ||
- (strncmp("PUT ", (char *)p,4) == 0))
- {
- SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTP_REQUEST);
- goto err;
- }
- else if (strncmp("CONNECT",(char *)p,7) == 0)
- {
- SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTPS_PROXY_REQUEST);
- goto err;
- }
- }
-
+{
+ /*-
+ * Request this many bytes in initial read.
+ * We can detect SSL 3.0/TLS 1.0 Client Hellos
+ * ('type == 3') correctly only when the following
+ * is in a single record, which is not guaranteed by
+ * the protocol specification:
+ * Byte Content
+ * 0 type \
+ * 1/2 version > record header
+ * 3/4 length /
+ * 5 msg_type \
+ * 6-8 length > Client Hello message
+ * 9/10 client_version /
+ */
+ char buf_space[11];
+ char *buf = &(buf_space[0]);
+ unsigned char *p, *d, *d_len, *dd;
+ unsigned int i;
+ unsigned int csl, sil, cl;
+ int n = 0, j;
+ int type = 0;
+ int v[2];
+
+ if (s->state == SSL23_ST_SR_CLNT_HELLO_A) {
+ /* read the initial header */
+ v[0] = v[1] = 0;
+
+ if (!ssl3_setup_buffers(s))
+ goto err;
+
+ n = ssl23_read_bytes(s, sizeof buf_space);
+ if (n != sizeof buf_space)
+ return (n); /* n == -1 || n == 0 */
+
+ p = s->packet;
+
+ memcpy(buf, p, n);
+
+ if ((p[0] & 0x80) && (p[2] == SSL2_MT_CLIENT_HELLO)) {
+ /*
+ * SSLv2 header
+ */
+ if ((p[3] == 0x00) && (p[4] == 0x02)) {
+ v[0] = p[3];
+ v[1] = p[4];
+ /* SSLv2 */
+ if (!(s->options & SSL_OP_NO_SSLv2))
+ type = 1;
+ } else if (p[3] == SSL3_VERSION_MAJOR) {
+ v[0] = p[3];
+ v[1] = p[4];
+ /* SSLv3/TLSv1 */
+ if (p[4] >= TLS1_VERSION_MINOR) {
+ if (!(s->options & SSL_OP_NO_TLSv1)) {
+ s->version = TLS1_VERSION;
+ /*
+ * type=2;
+ *//*
+ * done later to survive restarts
+ */
+ s->state = SSL23_ST_SR_CLNT_HELLO_B;
+ } else if (!(s->options & SSL_OP_NO_SSLv3)) {
+ s->version = SSL3_VERSION;
+ /* type=2; */
+ s->state = SSL23_ST_SR_CLNT_HELLO_B;
+ } else if (!(s->options & SSL_OP_NO_SSLv2)) {
+ type = 1;
+ }
+ } else if (!(s->options & SSL_OP_NO_SSLv3)) {
+ s->version = SSL3_VERSION;
+ /* type=2; */
+ s->state = SSL23_ST_SR_CLNT_HELLO_B;
+ } else if (!(s->options & SSL_OP_NO_SSLv2))
+ type = 1;
+
+ }
+ }
+ /* p[4] < 5 ... silly record length? */
+ else if ((p[0] == SSL3_RT_HANDSHAKE) &&
+ (p[1] == SSL3_VERSION_MAJOR) &&
+ (p[5] == SSL3_MT_CLIENT_HELLO) && ((p[3] == 0 && p[4] < 5)
+ || (p[9] >= p[1]))) {
+ /*
+ * SSLv3 or tls1 header
+ */
+
+ v[0] = p[1]; /* major version (= SSL3_VERSION_MAJOR) */
+ /*
+ * We must look at client_version inside the Client Hello message
+ * to get the correct minor version. However if we have only a
+ * pathologically small fragment of the Client Hello message, this
+ * would be difficult, and we'd have to read more records to find
+ * out. No known SSL 3.0 client fragments ClientHello like this,
+ * so we simply reject such connections to avoid protocol version
+ * downgrade attacks.
+ */
+ if (p[3] == 0 && p[4] < 6) {
+ SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_RECORD_TOO_SMALL);
+ goto err;
+ }
+ /*
+ * if major version number > 3 set minor to a value which will
+ * use the highest version 3 we support. If TLS 2.0 ever appears
+ * we will need to revise this....
+ */
+ if (p[9] > SSL3_VERSION_MAJOR)
+ v[1] = 0xff;
+ else
+ v[1] = p[10]; /* minor version according to client_version */
+ if (v[1] >= TLS1_VERSION_MINOR) {
+ if (!(s->options & SSL_OP_NO_TLSv1)) {
+ s->version = TLS1_VERSION;
+ type = 3;
+ } else if (!(s->options & SSL_OP_NO_SSLv3)) {
+ s->version = SSL3_VERSION;
+ type = 3;
+ }
+ } else {
+ /* client requests SSL 3.0 */
+ if (!(s->options & SSL_OP_NO_SSLv3)) {
+ s->version = SSL3_VERSION;
+ type = 3;
+ } else if (!(s->options & SSL_OP_NO_TLSv1)) {
+ /*
+ * we won't be able to use TLS of course, but this will
+ * send an appropriate alert
+ */
+ s->version = TLS1_VERSION;
+ type = 3;
+ }
+ }
+ } else if ((strncmp("GET ", (char *)p, 4) == 0) ||
+ (strncmp("POST ", (char *)p, 5) == 0) ||
+ (strncmp("HEAD ", (char *)p, 5) == 0) ||
+ (strncmp("PUT ", (char *)p, 4) == 0)) {
+ SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_HTTP_REQUEST);
+ goto err;
+ } else if (strncmp("CONNECT", (char *)p, 7) == 0) {
+ SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_HTTPS_PROXY_REQUEST);
+ goto err;
+ }
+ }