LIB=$(TOP)/libssl.a
SHARED_LIB= libssl$(SHLIB_EXT)
LIBSRC= \
- s3_meth.c s3_srvr.c s3_clnt.c s3_lib.c s3_enc.c record/rec_layer_s3.c \
+ s3_srvr.c s3_clnt.c s3_lib.c s3_enc.c record/rec_layer_s3.c \
s3_both.c s3_cbc.c s3_msg.c \
t1_meth.c t1_srvr.c t1_clnt.c t1_lib.c t1_enc.c t1_ext.c \
d1_meth.c d1_srvr.c d1_clnt.c d1_lib.c record/rec_layer_d1.c d1_msg.c \
bio_ssl.c ssl_err.c t1_reneg.c tls_srp.c t1_trce.c ssl_utst.c \
record/ssl3_buffer.c record/ssl3_record.c record/dtls1_bitmap.c
LIBOBJ= \
- s3_meth.o s3_srvr.o s3_clnt.o s3_lib.o s3_enc.o record/rec_layer_s3.o \
+ s3_srvr.o s3_clnt.o s3_lib.o s3_enc.o record/rec_layer_s3.o \
s3_both.o s3_cbc.o s3_msg.o \
t1_meth.o t1_srvr.o t1_clnt.o t1_lib.o t1_enc.o t1_ext.o \
d1_meth.o d1_srvr.o d1_clnt.o d1_lib.o record/rec_layer_d1.o d1_msg.o \
s3_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
s3_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h
s3_lib.o: ../include/openssl/x509_vfy.h record/record.h s3_lib.c ssl_locl.h
-s3_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s3_meth.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-s3_meth.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-s3_meth.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-s3_meth.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-s3_meth.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-s3_meth.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-s3_meth.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-s3_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s3_meth.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-s3_meth.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-s3_meth.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-s3_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s3_meth.o: ../include/openssl/sha.h ../include/openssl/srtp.h
-s3_meth.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s3_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s3_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s3_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-s3_meth.o: record/record.h s3_meth.c ssl_locl.h
s3_msg.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
s3_msg.o: ../include/openssl/buffer.h ../include/openssl/comp.h
s3_msg.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
int ssl3_get_client_hello(SSL *s)
{
- int i, j, ok, al = SSL_AD_INTERNAL_ERROR, ret = -1;
+ int i, complen, j, ok, al = SSL_AD_INTERNAL_ERROR, ret = -1;
unsigned int cookie_len;
long n;
unsigned long id;
d = p = (unsigned char *)s->init_msg;
/* First lets get s->client_version set correctly */
- if (!s->read_hash && !s->enc_read_ctx
- && RECORD_LAYER_is_sslv2_record(&s->rlayer)) {
- if (n < MIN_SSL2_RECORD_LEN) {
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_RECORD_LENGTH_MISMATCH);
- al = SSL_AD_DECODE_ERROR;
- goto f_err;
- }
+ if (RECORD_LAYER_is_sslv2_record(&s->rlayer)) {
/*-
* An SSLv3/TLSv1 backwards-compatible CLIENT-HELLO in an SSLv2
* header is sent directly on the wire, not wrapped as a TLS
/* Do SSL/TLS version negotiation if applicable */
if (!SSL_IS_DTLS(s)) {
if (s->version != TLS_ANY_VERSION) {
- if (s->client_version >= s->version
- && (((s->client_version >> 8) & 0xff) == SSL3_VERSION_MAJOR)) {
+ if (s->client_version >= s->version) {
protverr = 0;
}
- } else if (((s->client_version >> 8) & 0xff) == SSL3_VERSION_MAJOR) {
+ } else if (s->client_version >= SSL3_VERSION) {
switch(s->client_version) {
default:
case TLS1_2_VERSION:
}
/* Deliberately fall through */
case SSL3_VERSION:
+#ifndef OPENSSL_NO_SSL3
if(!(s->options & SSL_OP_NO_SSLv3)) {
s->version = SSL3_VERSION;
s->method = SSLv3_server_method();
protverr = 0;
break;
}
+#else
+ break;
+#endif
}
}
- } else if (((s->client_version >> 8) & 0xff) == DTLS1_VERSION_MAJOR &&
- (s->client_version <= s->version
- || s->method->version == DTLS_ANY_VERSION)) {
+ } else if (s->client_version <= s->version
+ || s->method->version == DTLS_ANY_VERSION) {
/*
* For DTLS we just check versions are potentially compatible. Version
* negotiation comes later.
/* Set p to end of packet to ensure we don't look for extensions */
p = d + n;
- /* No compression, so set i to 0 */
- i = 0;
+ /* No compression, so set complen to 0 */
+ complen = 0;
} else {
/* If we get here we've got SSLv3+ in an SSLv3+ record */
}
/* compression */
- i = *(p++);
- if ((p + i) > (d + n)) {
+ complen = *(p++);
+ if ((p + complen) > (d + n)) {
/* not enough data */
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
#ifndef OPENSSL_NO_COMP
q = p;
#endif
- for (j = 0; j < i; j++) {
+ for (j = 0; j < complen; j++) {
if (p[j] == 0)
break;
}
- p += i;
- if (j >= i) {
+ p += complen;
+ if (j >= complen) {
/* no compress */
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_NO_COMPRESSION_SPECIFIED);
/*
* Worst case, we will use the NULL compression, but if we have other
- * options, we will now look for them. We have i-1 compression
+ * options, we will now look for them. We have complen-1 compression
* algorithms from the client, starting at q.
*/
s->s3->tmp.new_compression = NULL;
goto f_err;
}
/* Look for resumed method in compression list */
- for (m = 0; m < i; m++) {
+ for (m = 0; m < complen; m++) {
if (q[m] == comp_id)
break;
}
- if (m >= i) {
+ if (m >= complen) {
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING);
for (m = 0; m < nn; m++) {
comp = sk_SSL_COMP_value(s->ctx->comp_methods, m);
v = comp->id;
- for (o = 0; o < i; o++) {
+ for (o = 0; o < complen; o++) {
if (v == q[o]) {
done = 1;
break;
projects / openssl.git / commitdiff