projects
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
x86_64-xlate.pl: updates from HEAD.
[openssl.git]
/
ssl
/
s23_srvr.c
diff --git
a/ssl/s23_srvr.c
b/ssl/s23_srvr.c
index b33b699a1c926c4fdda7cac015fd25100ad0c460..836dd1f1cf4b9137961436e8b1176343f612a242 100644
(file)
--- a/
ssl/s23_srvr.c
+++ b/
ssl/s23_srvr.c
@@
-56,7
+56,7
@@
* [including the GNU Public Licence.]
*/
/* ====================================================================
* [including the GNU Public Licence.]
*/
/* ====================================================================
- * Copyright (c) 1998-200
1
The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-200
6
The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@
-315,7
+315,7
@@
int ssl23_get_client_hello(SSL *s)
(p[1] == SSL3_VERSION_MAJOR) &&
(p[5] == SSL3_MT_CLIENT_HELLO) &&
((p[3] == 0 && p[4] < 5 /* silly record length? */)
(p[1] == SSL3_VERSION_MAJOR) &&
(p[5] == SSL3_MT_CLIENT_HELLO) &&
((p[3] == 0 && p[4] < 5 /* silly record length? */)
- || (p[9]
=
= p[1])))
+ || (p[9]
>
= p[1])))
{
/*
* SSLv3 or tls1 header
{
/*
* SSLv3 or tls1 header
@@
-339,6
+339,13
@@
int ssl23_get_client_hello(SSL *s)
v[1] = TLS1_VERSION_MINOR;
#endif
}
v[1] = TLS1_VERSION_MINOR;
#endif
}
+ /* if major version number > 3 set minor to a value
+ * which will use the highest version 3 we support.
+ * If TLS 2.0 ever appears we will need to revise
+ * this....
+ */
+ else if (p[9] > SSL3_VERSION_MAJOR)
+ v[1]=0xff;
else
v[1]=p[10]; /* minor version according to client_version */
if (v[1] >= TLS1_VERSION_MINOR)
else
v[1]=p[10]; /* minor version according to client_version */
if (v[1] >= TLS1_VERSION_MINOR)
@@
-416,7
+423,9
@@
int ssl23_get_client_hello(SSL *s)
n2s(p,sil);
n2s(p,cl);
d=(unsigned char *)s->init_buf->data;
n2s(p,sil);
n2s(p,cl);
d=(unsigned char *)s->init_buf->data;
- if ((csl+sil+cl+11) != s->packet_length)
+ if ((csl+sil+cl+11) != s->packet_length) /* We can't have TLS extensions in SSL 2.0 format
+ * Client Hello, can we? Error condition should be
+ * '>' otherweise */
{
SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_LENGTH_MISMATCH);
goto err;
{
SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_LENGTH_MISMATCH);
goto err;
@@
-459,6
+468,15
@@
int ssl23_get_client_hello(SSL *s)
*(d++)=1;
*(d++)=0;
*(d++)=1;
*(d++)=0;
+#if 0
+ /* copy any remaining data with may be extensions */
+ p = p+csl+sil+cl;
+ while (p < s->packet+s->packet_length)
+ {
+ *(d++)=*(p++);
+ }
+#endif
+
i = (d-(unsigned char *)s->init_buf->data) - 4;
l2n3((long)i, d_len);
i = (d-(unsigned char *)s->init_buf->data) - 4;
l2n3((long)i, d_len);
@@
-534,6
+552,10
@@
int ssl23_get_client_hello(SSL *s)
* for SSLv3 */
s->rstate=SSL_ST_READ_HEADER;
s->packet_length=n;
* for SSLv3 */
s->rstate=SSL_ST_READ_HEADER;
s->packet_length=n;
+ if (s->s3->rbuf.buf == NULL)
+ if (!ssl3_setup_read_buffer(s))
+ goto err;
+
s->packet= &(s->s3->rbuf.buf[0]);
memcpy(s->packet,buf,n);
s->s3->rbuf.left=n;
s->packet= &(s->s3->rbuf.buf[0]);
memcpy(s->packet,buf,n);
s->s3->rbuf.left=n;
@@
-565,7
+587,6
@@
int ssl23_get_client_hello(SSL *s)
s->init_num=0;
if (buf != buf_space) OPENSSL_free(buf);
s->init_num=0;
if (buf != buf_space) OPENSSL_free(buf);
- s->first_packet=1;
return(SSL_accept(s));
err:
if (buf != buf_space) OPENSSL_free(buf);
return(SSL_accept(s));
err:
if (buf != buf_space) OPENSSL_free(buf);