Fix SSL handshake functions and SSL_clear() such that SSL_clear()

[openssl.git] / ssl / s23_srvr.c
diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c

index e0abbaf834a1988ae86184db31c4a9075652d341..fe8bd33ce742f9a269ab5919409da03b248b6e53 100644 (file)
--- a/ssl/s23_srvr.c
+++ b/ssl/s23_srvr.c
@@ -55,6 +55,59 @@
   * copied and put under another distribution licence
   * [including the GNU Public Licence.]
   */
   * copied and put under another distribution licence
   * [including the GNU Public Licence.]
   */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
  
  #include <stdio.h>
  #include <openssl/buffer.h>
  
  #include <stdio.h>
  #include <openssl/buffer.h>
@@ -112,8 +165,8 @@ int ssl23_accept(SSL *s)
         else if (s->ctx->info_callback != NULL)
                 cb=s->ctx->info_callback;
         
         else if (s->ctx->info_callback != NULL)
                 cb=s->ctx->info_callback;
         
-       if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 
         s->in_handshake++;
         s->in_handshake++;
+       if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 
  
         for (;;)
                 {
  
         for (;;)
                 {
@@ -202,7 +255,7 @@ int ssl23_get_client_hello(SSL *s)
                              *  9/10  client_version  /
                              */
         char *buf= &(buf_space[0]);
                              *  9/10  client_version  /
                              */
         char *buf= &(buf_space[0]);
-       unsigned char *p,*d,*dd;
+       unsigned char *p,*d,*d_len,*dd;
         unsigned int i;
         unsigned int csl,sil,cl;
         int n=0,j;
         unsigned int i;
         unsigned int csl,sil,cl;
         int n=0,j;
@@ -310,10 +363,21 @@ int ssl23_get_client_hello(SSL *s)
                                         type=3;
                                         }
                                 }
                                         type=3;
                                         }
                                 }
-                       else if (!(s->options & SSL_OP_NO_SSLv3))
+                       else
                                 {
                                 {
-                               s->version=SSL3_VERSION;
-                               type=3;
+                               /* client requests SSL 3.0 */
+                               if (!(s->options & SSL_OP_NO_SSLv3))
+                                       {
+                                       s->version=SSL3_VERSION;
+                                       type=3;
+                                       }
+                               else if (!(s->options & SSL_OP_NO_TLSv1))
+                                       {
+                                       /* we won't be able to use TLS of course,
+                                        * but this will send an appropriate alert */
+                                       s->version=TLS1_VERSION;
+                                       type=3;
+                                       }
                                 }
                         }
                 else if ((strncmp("GET ", (char *)p,4) == 0) ||
                                 }
                         }
                 else if ((strncmp("GET ", (char *)p,4) == 0) ||
@@ -365,6 +429,13 @@ int ssl23_get_client_hello(SSL *s)
                         goto err;
                         }
  
                         goto err;
                         }
  
+               /* record header: msg_type ... */
+               *(d++) = SSL3_MT_CLIENT_HELLO;
+               /* ... and length (actual value will be written later) */
+               d_len = d;
+               d += 3;
+
+               /* client_version */
                 *(d++) = SSL3_VERSION_MAJOR; /* == v[0] */
                 *(d++) = v[1];
  
                 *(d++) = SSL3_VERSION_MAJOR; /* == v[0] */
                 *(d++) = v[1];
  
@@ -396,6 +467,7 @@ int ssl23_get_client_hello(SSL *s)
                 *(d++)=0;
                 
                 i=(d-(unsigned char *)s->init_buf->data);
                 *(d++)=0;
                 
                 i=(d-(unsigned char *)s->init_buf->data);
+               l2n3((long)i, d_len);
  
                 /* get the data reused from the init_buf */
                 s->s3->tmp.reuse_message=1;
  
                 /* get the data reused from the init_buf */
                 s->s3->tmp.reuse_message=1;