Fix SSL handshake functions and SSL_clear() such that SSL_clear()
[openssl.git] / ssl / s3_srvr.c
index f858a9f180846704175734ff510b302c50c98086..8c5b6e8c9cb658343bb6c90b6dbc7bfbd332d441 100644 (file)
@@ -180,8 +180,8 @@ int ssl3_accept(SSL *s)
                cb=s->ctx->info_callback;
 
        /* init things to blank */
-       if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
        s->in_handshake++;
+       if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
 
        if (s->cert == NULL)
                {
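Review bot: Moving `SSL_clear(s)` below `s->in_handshake++` creates an ordering dependency that nothing in ssl3_accept documents, so a later tidy-up could move the increment back down without noticing. Going by the commit title, SSL_clear() presumably behaves differently when called from inside a handshake function; its body is not part of this hunk, so that should be confirmed. I would add a comment above the two lines, for example `/* in_handshake must be incremented first: SSL_clear() has to see that it is called from within a handshake function */`. ssl3_accept starts and ends outside the hunk.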
@@ -670,6 +670,18 @@ static int ssl3_get_client_hello(SSL *s)
        s->client_version=(((int)p[0])<<8)|(int)p[1];
        p+=2;
 
+       if (s->client_version < s->version)
+               {
+               SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER);
+               if ((s->client_version>>8) == SSL3_VERSION_MAJOR) 
+                       {
+                       /* similar to ssl3_get_record, send alert using remote version number */
+                       s->version = s->client_version;
+                       }
+               al = SSL_AD_PROTOCOL_VERSION;
+               goto f_err;
+               }
+
        /* load the client random */
        memcpy(s->s3->client_random,p,SSL3_RANDOM_SIZE);
        p+=SSL3_RANDOM_SIZE;
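Review bot: The rejection path in the new `s->client_version < s->version` block leaves `s->version` overwritten with a value taken from the ClientHello, and nothing visible restores it after `goto f_err`. The existing comment says the aim is to send the alert using the remote version number, but it only points at ssl3_get_record. It should state that the overwrite is for the alert record only, that it applies only when the major byte equals `SSL3_VERSION_MAJOR`, and that the object must not continue a handshake with this value. Whether the f_err handler or a later SSL_clear() resets the field cannot be seen here, because ssl3_get_client_hello starts and ends outside the hunk. Suggested wording: `/* send the alert with the client's record version; s->version is not valid for further use on this connection */`.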
@@ -1618,7 +1630,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
 
                memset(iv, 0, EVP_MAX_IV_LENGTH);       /* per RFC 1510 */
 
-               if (!EVP_DecryptInit_ex(&ciph_ctx,enc,kssl_ctx->key,iv))
+               if (!EVP_DecryptInit_ex(&ciph_ctx,enc,NULL,kssl_ctx->key,iv))
                        {
                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
                                SSL_R_DECRYPTION_FAILED);