diff options
| author | djm <> | 2010-10-01 22:54:21 +0000 |
|---|---|---|
| committer | djm <> | 2010-10-01 22:54:21 +0000 |
| commit | 829fd51d4f8dde4a7f3bf54754f3c1d1a502f5e2 (patch) | |
| tree | e03b9f1bd051e844b971936729e9df549a209130 /src/lib/libssl/s23_srvr.c | |
| parent | e6b755d2a53d3cac7a344dfdd6bf7c951cac754c (diff) | |
| download | openbsd-829fd51d4f8dde4a7f3bf54754f3c1d1a502f5e2.tar.gz openbsd-829fd51d4f8dde4a7f3bf54754f3c1d1a502f5e2.tar.bz2 openbsd-829fd51d4f8dde4a7f3bf54754f3c1d1a502f5e2.zip | |
import OpenSSL-1.0.0a
Diffstat (limited to 'src/lib/libssl/s23_srvr.c')
| -rw-r--r-- | src/lib/libssl/s23_srvr.c | 41 |
1 files changed, 27 insertions, 14 deletions
diff --git a/src/lib/libssl/s23_srvr.c b/src/lib/libssl/s23_srvr.c index ba06e7ae2e..836dd1f1cf 100644 --- a/src/lib/libssl/s23_srvr.c +++ b/src/lib/libssl/s23_srvr.c | |||
| @@ -56,7 +56,7 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | /* ==================================================================== | 58 | /* ==================================================================== |
| 59 | * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. | 59 | * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. |
| 60 | * | 60 | * |
| 61 | * Redistribution and use in source and binary forms, with or without | 61 | * Redistribution and use in source and binary forms, with or without |
| 62 | * modification, are permitted provided that the following conditions | 62 | * modification, are permitted provided that the following conditions |
| @@ -116,9 +116,9 @@ | |||
| 116 | #include <openssl/objects.h> | 116 | #include <openssl/objects.h> |
| 117 | #include <openssl/evp.h> | 117 | #include <openssl/evp.h> |
| 118 | 118 | ||
| 119 | static SSL_METHOD *ssl23_get_server_method(int ver); | 119 | static const SSL_METHOD *ssl23_get_server_method(int ver); |
| 120 | int ssl23_get_client_hello(SSL *s); | 120 | int ssl23_get_client_hello(SSL *s); |
| 121 | static SSL_METHOD *ssl23_get_server_method(int ver) | 121 | static const SSL_METHOD *ssl23_get_server_method(int ver) |
| 122 | { | 122 | { |
| 123 | #ifndef OPENSSL_NO_SSL2 | 123 | #ifndef OPENSSL_NO_SSL2 |
| 124 | if (ver == SSL2_VERSION) | 124 | if (ver == SSL2_VERSION) |
| @@ -315,7 +315,7 @@ int ssl23_get_client_hello(SSL *s) | |||
| 315 | (p[1] == SSL3_VERSION_MAJOR) && | 315 | (p[1] == SSL3_VERSION_MAJOR) && |
| 316 | (p[5] == SSL3_MT_CLIENT_HELLO) && | 316 | (p[5] == SSL3_MT_CLIENT_HELLO) && |
| 317 | ((p[3] == 0 && p[4] < 5 /* silly record length? */) | 317 | ((p[3] == 0 && p[4] < 5 /* silly record length? */) |
| 318 | || (p[9] == p[1]))) | 318 | || (p[9] >= p[1]))) |
| 319 | { | 319 | { |
| 320 | /* | 320 | /* |
| 321 | * SSLv3 or tls1 header | 321 | * SSLv3 or tls1 header |
| @@ -339,6 +339,13 @@ int ssl23_get_client_hello(SSL *s) | |||
| 339 | v[1] = TLS1_VERSION_MINOR; | 339 | v[1] = TLS1_VERSION_MINOR; |
| 340 | #endif | 340 | #endif |
| 341 | } | 341 | } |
| 342 | /* if major version number > 3 set minor to a value | ||
| 343 | * which will use the highest version 3 we support. | ||
| 344 | * If TLS 2.0 ever appears we will need to revise | ||
| 345 | * this.... | ||
| 346 | */ | ||
| 347 | else if (p[9] > SSL3_VERSION_MAJOR) | ||
| 348 | v[1]=0xff; | ||
| 342 | else | 349 | else |
| 343 | v[1]=p[10]; /* minor version according to client_version */ | 350 | v[1]=p[10]; /* minor version according to client_version */ |
| 344 | if (v[1] >= TLS1_VERSION_MINOR) | 351 | if (v[1] >= TLS1_VERSION_MINOR) |
| @@ -386,15 +393,6 @@ int ssl23_get_client_hello(SSL *s) | |||
| 386 | } | 393 | } |
| 387 | } | 394 | } |
| 388 | 395 | ||
| 389 | #ifdef OPENSSL_FIPS | ||
| 390 | if (FIPS_mode() && (s->version < TLS1_VERSION)) | ||
| 391 | { | ||
| 392 | SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, | ||
| 393 | SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); | ||
| 394 | goto err; | ||
| 395 | } | ||
| 396 | #endif | ||
| 397 | |||
| 398 | if (s->state == SSL23_ST_SR_CLNT_HELLO_B) | 396 | if (s->state == SSL23_ST_SR_CLNT_HELLO_B) |
| 399 | { | 397 | { |
| 400 | /* we have SSLv3/TLSv1 in an SSLv2 header | 398 | /* we have SSLv3/TLSv1 in an SSLv2 header |
| @@ -425,7 +423,9 @@ int ssl23_get_client_hello(SSL *s) | |||
| 425 | n2s(p,sil); | 423 | n2s(p,sil); |
| 426 | n2s(p,cl); | 424 | n2s(p,cl); |
| 427 | d=(unsigned char *)s->init_buf->data; | 425 | d=(unsigned char *)s->init_buf->data; |
| 428 | if ((csl+sil+cl+11) != s->packet_length) | 426 | if ((csl+sil+cl+11) != s->packet_length) /* We can't have TLS extensions in SSL 2.0 format |
| 427 | * Client Hello, can we? Error condition should be | ||
| 428 | * '>' otherweise */ | ||
| 429 | { | 429 | { |
| 430 | SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_LENGTH_MISMATCH); | 430 | SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_LENGTH_MISMATCH); |
| 431 | goto err; | 431 | goto err; |
| @@ -468,6 +468,15 @@ int ssl23_get_client_hello(SSL *s) | |||
| 468 | *(d++)=1; | 468 | *(d++)=1; |
| 469 | *(d++)=0; | 469 | *(d++)=0; |
| 470 | 470 | ||
| 471 | #if 0 | ||
| 472 | /* copy any remaining data with may be extensions */ | ||
| 473 | p = p+csl+sil+cl; | ||
| 474 | while (p < s->packet+s->packet_length) | ||
| 475 | { | ||
| 476 | *(d++)=*(p++); | ||
| 477 | } | ||
| 478 | #endif | ||
| 479 | |||
| 471 | i = (d-(unsigned char *)s->init_buf->data) - 4; | 480 | i = (d-(unsigned char *)s->init_buf->data) - 4; |
| 472 | l2n3((long)i, d_len); | 481 | l2n3((long)i, d_len); |
| 473 | 482 | ||
| @@ -543,6 +552,10 @@ int ssl23_get_client_hello(SSL *s) | |||
| 543 | * for SSLv3 */ | 552 | * for SSLv3 */ |
| 544 | s->rstate=SSL_ST_READ_HEADER; | 553 | s->rstate=SSL_ST_READ_HEADER; |
| 545 | s->packet_length=n; | 554 | s->packet_length=n; |
| 555 | if (s->s3->rbuf.buf == NULL) | ||
| 556 | if (!ssl3_setup_read_buffer(s)) | ||
| 557 | goto err; | ||
| 558 | |||
| 546 | s->packet= &(s->s3->rbuf.buf[0]); | 559 | s->packet= &(s->s3->rbuf.buf[0]); |
| 547 | memcpy(s->packet,buf,n); | 560 | memcpy(s->packet,buf,n); |
| 548 | s->s3->rbuf.left=n; | 561 | s->s3->rbuf.left=n; |