1 files changed, 592 insertions, 0 deletions
diff --git a/src/lib/libssl/s23_srvr.c b/src/lib/libssl/s23_srvr.c
new file mode 100644
index 0000000000..2aad21e93c
--- /dev/null
+++ b/src/lib/libssl/s23_srvr.c
@@ -0,0 +1,592 @@
+/* ssl/s23_srvr.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include "ssl_locl.h"
+#include <openssl/buffer.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+static const SSL_METHOD *ssl23_get_server_method(int ver);
+int ssl23_get_client_hello(SSL *s);
+static const SSL_METHOD
+*ssl23_get_server_method(int ver)
+{
+#ifndef OPENSSL_NO_SSL2
+        if (ver == SSL2_VERSION)
+                return (SSLv2_server_method());
+#endif
+        if (ver == SSL3_VERSION)
+                return (SSLv3_server_method());
+        else if (ver == TLS1_VERSION)
+                return (TLSv1_server_method());
+        else if (ver == TLS1_1_VERSION)
+                return (TLSv1_1_server_method());
+        else if (ver == TLS1_2_VERSION)
+                return (TLSv1_2_server_method());
+        else
+                return (NULL);
+}
+IMPLEMENT_ssl23_meth_func(SSLv23_server_method,
+    ssl23_accept, ssl_undefined_function, ssl23_get_server_method)
+int
+ssl23_accept(SSL *s)
+{
+        BUF_MEM *buf;
+        void (*cb)(const SSL *ssl, int type, int val) = NULL;
+        int ret = -1;
+        int new_state, state;
+        ERR_clear_error();
+        errno = 0;
+        if (s->info_callback != NULL)
+                cb = s->info_callback;
+        else if (s->ctx->info_callback != NULL)
+                cb = s->ctx->info_callback;
+        s->in_handshake++;
+        if (!SSL_in_init(s) || SSL_in_before(s))
+                SSL_clear(s);
+        for (;;) {
+                state = s->state;
+                switch (s->state) {
+                case SSL_ST_BEFORE:
+                case SSL_ST_ACCEPT:
+                case SSL_ST_BEFORE|SSL_ST_ACCEPT:
+                case SSL_ST_OK|SSL_ST_ACCEPT:
+                        s->server = 1;
+                        if (cb != NULL)
+                                cb(s, SSL_CB_HANDSHAKE_START, 1);
+                        /* s->version=SSL3_VERSION; */
+                        s->type = SSL_ST_ACCEPT;
+                        if (s->init_buf == NULL) {
+                                if ((buf = BUF_MEM_new()) == NULL) {
+                                        ret = -1;
+                                        goto end;
+                                }
+                                if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) {
+                                        ret = -1;
+                                        goto end;
+                                }
+                                s->init_buf = buf;
+                        }
+                        ssl3_init_finished_mac(s);
+                        s->state = SSL23_ST_SR_CLNT_HELLO_A;
+                        s->ctx->stats.sess_accept++;
+                        s->init_num = 0;
+                        break;
+                case SSL23_ST_SR_CLNT_HELLO_A:
+                case SSL23_ST_SR_CLNT_HELLO_B:
+                        s->shutdown = 0;
+                        ret = ssl23_get_client_hello(s);
+                        if (ret >= 0)
+                                cb = NULL;
+                        goto end;
+                        /* break; */
+                default:
+                        SSLerr(SSL_F_SSL23_ACCEPT, SSL_R_UNKNOWN_STATE);
+                        ret = -1;
+                        goto end;
+                        /* break; */
+                }
+                if ((cb != NULL) && (s->state != state)) {
+                        new_state = s->state;
+                        s->state = state;
+                        cb(s, SSL_CB_ACCEPT_LOOP, 1);
+                        s->state = new_state;
+                }
+        }
+end:
+        s->in_handshake--;
+        if (cb != NULL)
+                cb(s, SSL_CB_ACCEPT_EXIT, ret);
+        return (ret);
+}
+int
+ssl23_get_client_hello(SSL *s)
+{
+        char buf_space[11]; /* Request this many bytes in initial read.
+        * We can detect SSL 3.0/TLS 1.0 Client Hellos
+        * ('type == 3') correctly only when the following
+        * is in a single record, which is not guaranteed by
+        * the protocol specification:
+        * Byte  Content
+        *  0     type            \
+                             *  1/2   version          > record header
+        *  3/4   length          /
+        *  5     msg_type        \
+                             *  6-8   length           > Client Hello message
+        *  9/10  client_version  /
+                             */
+        char *buf = &(buf_space[0]);
+        unsigned char *p, *d, *d_len, *dd;
+        unsigned int i;
+        unsigned int csl, sil, cl;
+        int n = 0, j;
+        int type = 0;
+        int v[2];
+        if (s->state == SSL23_ST_SR_CLNT_HELLO_A) {
+                /* read the initial header */
+                v[0] = v[1] = 0;
+                if (!ssl3_setup_buffers(s))
+                        goto err;
+                n = ssl23_read_bytes(s, sizeof buf_space);
+                if (n != sizeof buf_space)
+                        return(n); /* n == -1 || n == 0 */
+                p = s->packet;
+                memcpy(buf, p, n);
+                if ((p[0] & 0x80) && (p[2] == SSL2_MT_CLIENT_HELLO)) {
+                        /*
+                         * SSLv2 header
+                         */
+                        if ((p[3] == 0x00) && (p[4] == 0x02)) {
+                                v[0] = p[3];
+                                v[1] = p[4];
+                                /* SSLv2 */
+                                if (!(s->options & SSL_OP_NO_SSLv2))
+                                        type = 1;
+                        } else if (p[3] == SSL3_VERSION_MAJOR) {
+                                v[0] = p[3];
+                                v[1] = p[4];
+                                /* SSLv3/TLSv1 */
+                                if (p[4] >= TLS1_VERSION_MINOR) {
+                                        if (p[4] >= TLS1_2_VERSION_MINOR &&
+                                            !(s->options & SSL_OP_NO_TLSv1_2)) {
+                                                s->version = TLS1_2_VERSION;
+                                                s->state = SSL23_ST_SR_CLNT_HELLO_B;
+                                        } else if (p[4] >= TLS1_1_VERSION_MINOR &&
+                                            !(s->options & SSL_OP_NO_TLSv1_1)) {
+                                                s->version = TLS1_1_VERSION;
+                                                /* type=2; */ /* done later to survive restarts */
+                                                s->state = SSL23_ST_SR_CLNT_HELLO_B;
+                                        } else if (!(s->options & SSL_OP_NO_TLSv1)) {
+                                                s->version = TLS1_VERSION;
+                                                /* type=2; */ /* done later to survive restarts */
+                                                s->state = SSL23_ST_SR_CLNT_HELLO_B;
+                                        } else if (!(s->options & SSL_OP_NO_SSLv3)) {
+                                                s->version = SSL3_VERSION;
+                                                /* type=2; */
+                                                s->state = SSL23_ST_SR_CLNT_HELLO_B;
+                                        } else if (!(s->options & SSL_OP_NO_SSLv2)) {
+                                                type = 1;
+                                        }
+                                } else if (!(s->options & SSL_OP_NO_SSLv3)) {
+                                        s->version = SSL3_VERSION;
+                                        /* type=2; */
+                                        s->state = SSL23_ST_SR_CLNT_HELLO_B;
+                                } else if (!(s->options & SSL_OP_NO_SSLv2))
+                                        type = 1;
+                        }
+                } else if ((p[0] == SSL3_RT_HANDSHAKE) &&
+                    (p[1] == SSL3_VERSION_MAJOR) &&
+                    (p[5] == SSL3_MT_CLIENT_HELLO) &&
+                    ((p[3] == 0 && p[4] < 5 /* silly record length? */)
+                    || (p[9] >= p[1]))) {
+                        /*
+                         * SSLv3 or tls1 header
+                         */
+                        v[0] = p[1]; /* major version (= SSL3_VERSION_MAJOR) */
+                        /* We must look at client_version inside the Client Hello message
+                         * to get the correct minor version.
+                         * However if we have only a pathologically small fragment of the
+                         * Client Hello message, this would be difficult, and we'd have
+                         * to read more records to find out.
+                         * No known SSL 3.0 client fragments ClientHello like this,
+                         * so we simply assume TLS 1.0 to avoid protocol version downgrade
+                         * attacks. */
+                        if (p[3] == 0 && p[4] < 6) {
+#if 0
+                                SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_RECORD_TOO_SMALL);
+                                goto err;
+#else
+                                v[1] = TLS1_VERSION_MINOR;
+#endif
+                        }
+                        /* if major version number > 3 set minor to a value
+                         * which will use the highest version 3 we support.
+                         * If TLS 2.0 ever appears we will need to revise
+                         * this....
+                         */
+                        else if (p[9] > SSL3_VERSION_MAJOR)
+                                v[1] = 0xff;
+                        else
+                                v[1] = p[10]; /* minor version according to client_version */
+                        if (v[1] >= TLS1_VERSION_MINOR) {
+                                if (v[1] >= TLS1_2_VERSION_MINOR &&
+                                    !(s->options & SSL_OP_NO_TLSv1_2)) {
+                                        s->version = TLS1_2_VERSION;
+                                        type = 3;
+                                } else if (v[1] >= TLS1_1_VERSION_MINOR &&
+                                    !(s->options & SSL_OP_NO_TLSv1_1)) {
+                                        s->version = TLS1_1_VERSION;
+                                        type = 3;
+                                } else if (!(s->options & SSL_OP_NO_TLSv1)) {
+                                        s->version = TLS1_VERSION;
+                                        type = 3;
+                                } else if (!(s->options & SSL_OP_NO_SSLv3)) {
+                                        s->version = SSL3_VERSION;
+                                        type = 3;
+                                }
+                        } else {
+                                /* client requests SSL 3.0 */
+                                if (!(s->options & SSL_OP_NO_SSLv3)) {
+                                        s->version = SSL3_VERSION;
+                                        type = 3;
+                                } else if (!(s->options & SSL_OP_NO_TLSv1)) {
+                                        /* we won't be able to use TLS of course,
+                                         * but this will send an appropriate alert */
+                                        s->version = TLS1_VERSION;
+                                        type = 3;
+                                }
+                        }
+                }
+                else if ((strncmp("GET ", (char *)p, 4) == 0) ||
+                    (strncmp("POST ",(char *)p, 5) == 0) ||
+                    (strncmp("HEAD ",(char *)p, 5) == 0) ||
+                    (strncmp("PUT ", (char *)p, 4) == 0)) {
+                        SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_HTTP_REQUEST);
+                        goto err;
+                } else if (strncmp("CONNECT", (char *)p, 7) == 0) {
+                        SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_HTTPS_PROXY_REQUEST);
+                        goto err;
+                }
+        }
+#ifdef OPENSSL_FIPS
+        if (FIPS_mode() && (s->version < TLS1_VERSION)) {
+                SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,
+                    SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
+                goto err;
+        }
+#endif
+        if (s->state == SSL23_ST_SR_CLNT_HELLO_B) {
+                /* we have SSLv3/TLSv1 in an SSLv2 header
+                 * (other cases skip this state) */
+                type = 2;
+                p = s->packet;
+                v[0] = p[3]; /* == SSL3_VERSION_MAJOR */
+                v[1] = p[4];
+                n = ((p[0] & 0x7f) << 8) | p[1];
+                if (n > (1024 * 4)) {
+                        SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_RECORD_TOO_LARGE);
+                        goto err;
+                }
+                j = ssl23_read_bytes(s, n + 2);
+                if (j <= 0)
+                        return (j);
+                ssl3_finish_mac(s, s->packet + 2, s->packet_length - 2);
+                if (s->msg_callback)
+                        s->msg_callback(0, SSL2_VERSION, 0, s->packet + 2, s->packet_length-2, s, s->msg_callback_arg); /* CLIENT-HELLO */
+                p = s->packet;
+                p += 5;
+                n2s(p, csl);
+                n2s(p, sil);
+                n2s(p, cl);
+                d = (unsigned char *)s->init_buf->data;
+                if ((csl + sil + cl + 11) != s->packet_length) /* We can't have TLS extensions in SSL 2.0 format
+                        * Client Hello, can we ? Error condition should be
+                                                          * '>' otherweise */
+                {
+                        SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_RECORD_LENGTH_MISMATCH);
+                        goto err;
+                }
+                /* record header: msg_type ... */
+                *(d++) = SSL3_MT_CLIENT_HELLO;
+                /* ... and length (actual value will be written later) */
+                d_len = d;
+                d += 3;
+                /* client_version */
+                *(d++) = SSL3_VERSION_MAJOR; /* == v[0] */
+                *(d++) = v[1];
+                /* lets populate the random area */
+                /* get the challenge_length */
+                i = (cl > SSL3_RANDOM_SIZE) ? SSL3_RANDOM_SIZE : cl;
+                memset(d, 0, SSL3_RANDOM_SIZE);
+                memcpy(&(d[SSL3_RANDOM_SIZE - i]), &(p[csl + sil]), i);
+                d += SSL3_RANDOM_SIZE;
+                /* no session-id reuse */
+                *(d++) = 0;
+                /* ciphers */
+                j = 0;
+                dd = d;
+                d += 2;
+                for (i = 0; i < csl; i += 3) {
+                        if (p[i] != 0)
+                                continue;
+                        *(d++) = p[i + 1];
+                        *(d++) = p[i + 2];
+                        j += 2;
+                }
+                s2n(j, dd);
+                /* COMPRESSION */
+                *(d++) = 1;
+                *(d++) = 0;
+#if 0
+                /* copy any remaining data with may be extensions */
+                p = p + csl + sil + cl;
+                while (p <  s->packet + s->packet_length) {
+                        *(d++)=*(p++);
+                }
+#endif
+                i = (d - (unsigned char *)s->init_buf->data) - 4;
+                l2n3((long)i, d_len);
+                /* get the data reused from the init_buf */
+                s->s3->tmp.reuse_message = 1;
+                s->s3->tmp.message_type = SSL3_MT_CLIENT_HELLO;
+                s->s3->tmp.message_size = i;
+        }
+        /* imaginary new state (for program structure): */
+        /* s->state = SSL23_SR_CLNT_HELLO_C */
+        if (type == 1) {
+#ifdef OPENSSL_NO_SSL2
+                SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_UNSUPPORTED_PROTOCOL);
+                goto err;
+#else
+                /* we are talking sslv2 */
+                /* we need to clean up the SSLv3/TLSv1 setup and put in the
+                 * sslv2 stuff. */
+                if (s->s2 == NULL) {
+                        if (!ssl2_new(s))
+                                goto err;
+                } else
+                        ssl2_clear(s);
+                if (s->s3 != NULL)
+                        ssl3_free(s);
+                if (!BUF_MEM_grow_clean(s->init_buf,
+                        SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)) {
+                        goto err;
+                }
+                s->state = SSL2_ST_GET_CLIENT_HELLO_A;
+                if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)
+                        s->s2->ssl2_rollback = 0;
+                else
+                        /* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0
+                         * (SSL 3.0 draft/RFC 2246, App. E.2) */
+                s->s2->ssl2_rollback = 1;
+                /* setup the n bytes we have read so we get them from
+                 * the sslv2 buffer */
+                s->rstate = SSL_ST_READ_HEADER;
+                s->packet_length = n;
+                s->packet = &(s->s2->rbuf[0]);
+                memcpy(s->packet, buf, n);
+                s->s2->rbuf_left = n;
+                s->s2->rbuf_offs = 0;
+                s->method = SSLv2_server_method();
+                s->handshake_func = s->method->ssl_accept;
+#endif
+        }
+        if ((type == 2) || (type == 3)) {
+                /* we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style) */
+                if (!ssl_init_wbio_buffer(s, 1)) goto err;
+                /* we are in this state */
+                s->state = SSL3_ST_SR_CLNT_HELLO_A;
+                if (type == 3) {
+                        /* put the 'n' bytes we have read into the input buffer
+                         * for SSLv3 */
+                        s->rstate = SSL_ST_READ_HEADER;
+                        s->packet_length = n;
+                        if (s->s3->rbuf.buf == NULL)
+                                if (!ssl3_setup_read_buffer(s))
+                                        goto err;
+                        s->packet = &(s->s3->rbuf.buf[0]);
+                        memcpy(s->packet, buf, n);
+                        s->s3->rbuf.left = n;
+                        s->s3->rbuf.offset = 0;
+                } else {
+                        s->packet_length = 0;
+                        s->s3->rbuf.left = 0;
+                        s->s3->rbuf.offset = 0;
+                }
+                if (s->version == TLS1_2_VERSION)
+                        s->method = TLSv1_2_server_method();
+                else if (s->version == TLS1_1_VERSION)
+                        s->method = TLSv1_1_server_method();
+                else if (s->version == TLS1_VERSION)
+                        s->method = TLSv1_server_method();
+                else
+                        s->method = SSLv3_server_method();
+#if 0 /* ssl3_get_client_hello does this */
+                s->client_version = (v[0]<<8)|v[1];
+#endif
+                s->handshake_func = s->method->ssl_accept;
+        }
+        if ((type < 1) || (type > 3)) {
+                /* bad, very bad */
+                SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_UNKNOWN_PROTOCOL);
+                goto err;
+        }
+        s->init_num = 0;
+        if (buf != buf_space)
+                OPENSSL_free(buf);
+        return (SSL_accept(s));
+err:
+        if (buf != buf_space)
+                OPENSSL_free(buf);
+        return (-1);
+}

diff --git a/src/lib/libssl/s23_srvr.c b/src/lib/libssl/s23_srvr.c new file mode 100644 index 0000000000..2aad21e93c --- /dev/null +++ b/src/lib/libssl/s23_srvr.c
@@ -0,0 +1,592 @@
	1	/* ssl/s23_srvr.c */
	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
	3	* All rights reserved.
	4	*
	5	* This package is an SSL implementation written
	6	* by Eric Young (eay@cryptsoft.com).
	7	* The implementation was written so as to conform with Netscapes SSL.
	8	*
	9	* This library is free for commercial and non-commercial use as long as
	10	* the following conditions are aheared to. The following conditions
	11	* apply to all code found in this distribution, be it the RC4, RSA,
	12	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
	13	* included with this distribution is covered by the same copyright terms
	14	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
	15	*
	16	* Copyright remains Eric Young's, and as such any Copyright notices in
	17	* the code are not to be removed.
	18	* If this package is used in a product, Eric Young should be given attribution
	19	* as the author of the parts of the library used.
	20	* This can be in the form of a textual message at program startup or
	21	* in documentation (online or textual) provided with the package.
	22	*
	23	* Redistribution and use in source and binary forms, with or without
	24	* modification, are permitted provided that the following conditions
	25	* are met:
	26	* 1. Redistributions of source code must retain the copyright
	27	* notice, this list of conditions and the following disclaimer.
	28	* 2. Redistributions in binary form must reproduce the above copyright
	29	* notice, this list of conditions and the following disclaimer in the
	30	* documentation and/or other materials provided with the distribution.
	31	* 3. All advertising materials mentioning features or use of this software
	32	* must display the following acknowledgement:
	33	* "This product includes cryptographic software written by
	34	* Eric Young (eay@cryptsoft.com)"
	35	* The word 'cryptographic' can be left out if the rouines from the library
	36	* being used are not cryptographic related :-).
	37	* 4. If you include any Windows specific code (or a derivative thereof) from
	38	* the apps directory (application code) you must include an acknowledgement:
	39	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
	40	*
	41	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
	42	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	43	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	44	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
	45	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	46	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	47	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	48	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	49	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	50	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	51	* SUCH DAMAGE.
	52	*
	53	* The licence and distribution terms for any publically available version or
	54	* derivative of this code cannot be changed. i.e. this code cannot simply be
	55	* copied and put under another distribution licence
	56	* [including the GNU Public Licence.]
	57	*/
	58	/* ====================================================================
	59	* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
	60	*
	61	* Redistribution and use in source and binary forms, with or without
	62	* modification, are permitted provided that the following conditions
	63	* are met:
	64	*
	65	* 1. Redistributions of source code must retain the above copyright
	66	* notice, this list of conditions and the following disclaimer.
	67	*
	68	* 2. Redistributions in binary form must reproduce the above copyright
	69	* notice, this list of conditions and the following disclaimer in
	70	* the documentation and/or other materials provided with the
	71	* distribution.
	72	*
	73	* 3. All advertising materials mentioning features or use of this
	74	* software must display the following acknowledgment:
	75	* "This product includes software developed by the OpenSSL Project
	76	* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
	77	*
	78	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
	79	* endorse or promote products derived from this software without
	80	* prior written permission. For written permission, please contact
	81	* openssl-core@openssl.org.
	82	*
	83	* 5. Products derived from this software may not be called "OpenSSL"
	84	* nor may "OpenSSL" appear in their names without prior written
	85	* permission of the OpenSSL Project.
	86	*
	87	* 6. Redistributions of any form whatsoever must retain the following
	88	* acknowledgment:
	89	* "This product includes software developed by the OpenSSL Project
	90	* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
	91	*
	92	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
	93	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	94	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
	95	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
	96	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
	97	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	98	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
	99	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	100	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	101	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	102	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	103	* OF THE POSSIBILITY OF SUCH DAMAGE.
	104	* ====================================================================
	105	*
	106	* This product includes cryptographic software written by Eric Young
	107	* (eay@cryptsoft.com). This product includes software written by Tim
	108	* Hudson (tjh@cryptsoft.com).
	109	*
	110	*/
	111
	112	#include <stdio.h>
	113	#include "ssl_locl.h"
	114	#include <openssl/buffer.h>
	115	#include <openssl/rand.h>
	116	#include <openssl/objects.h>
	117	#include <openssl/evp.h>
	118	#ifdef OPENSSL_FIPS
	119	#include <openssl/fips.h>
	120	#endif
	121
	122	static const SSL_METHOD *ssl23_get_server_method(int ver);
	123	int ssl23_get_client_hello(SSL *s);
	124	static const SSL_METHOD
	125	*ssl23_get_server_method(int ver)
	126	{
	127	#ifndef OPENSSL_NO_SSL2
	128	if (ver == SSL2_VERSION)
	129	return (SSLv2_server_method());
	130	#endif
	131	if (ver == SSL3_VERSION)
	132	return (SSLv3_server_method());
	133	else if (ver == TLS1_VERSION)
	134	return (TLSv1_server_method());
	135	else if (ver == TLS1_1_VERSION)
	136	return (TLSv1_1_server_method());
	137	else if (ver == TLS1_2_VERSION)
	138	return (TLSv1_2_server_method());
	139	else
	140	return (NULL);
	141	}
	142
	143	IMPLEMENT_ssl23_meth_func(SSLv23_server_method,
	144	ssl23_accept, ssl_undefined_function, ssl23_get_server_method)
	145
	146	int
	147	ssl23_accept(SSL *s)
	148	{
	149	BUF_MEM *buf;
	150	void (cb)(const SSL ssl, int type, int val) = NULL;
	151	int ret = -1;
	152	int new_state, state;
	153
	154	ERR_clear_error();
	155	errno = 0;
	156
	157	if (s->info_callback != NULL)
	158	cb = s->info_callback;
	159	else if (s->ctx->info_callback != NULL)
	160	cb = s->ctx->info_callback;
	161
	162	s->in_handshake++;
	163	if (!SSL_in_init(s) \|\| SSL_in_before(s))
	164	SSL_clear(s);
	165
	166	for (;;) {
	167	state = s->state;
	168
	169	switch (s->state) {
	170	case SSL_ST_BEFORE:
	171	case SSL_ST_ACCEPT:
	172	case SSL_ST_BEFORE\|SSL_ST_ACCEPT:
	173	case SSL_ST_OK\|SSL_ST_ACCEPT:
	174
	175	s->server = 1;
	176	if (cb != NULL)
	177	cb(s, SSL_CB_HANDSHAKE_START, 1);
	178
	179	/* s->version=SSL3_VERSION; */
	180	s->type = SSL_ST_ACCEPT;
	181
	182	if (s->init_buf == NULL) {
	183	if ((buf = BUF_MEM_new()) == NULL) {
	184	ret = -1;
	185	goto end;
	186	}
	187	if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) {
	188	ret = -1;
	189	goto end;
	190	}
	191	s->init_buf = buf;
	192	}
	193
	194	ssl3_init_finished_mac(s);
	195
	196	s->state = SSL23_ST_SR_CLNT_HELLO_A;
	197	s->ctx->stats.sess_accept++;
	198	s->init_num = 0;
	199	break;
	200
	201	case SSL23_ST_SR_CLNT_HELLO_A:
	202	case SSL23_ST_SR_CLNT_HELLO_B:
	203
	204	s->shutdown = 0;
	205	ret = ssl23_get_client_hello(s);
	206	if (ret >= 0)
	207	cb = NULL;
	208	goto end;
	209	/* break; */
	210
	211	default:
	212	SSLerr(SSL_F_SSL23_ACCEPT, SSL_R_UNKNOWN_STATE);
	213	ret = -1;
	214	goto end;
	215	/* break; */
	216	}
	217
	218	if ((cb != NULL) && (s->state != state)) {
	219	new_state = s->state;
	220	s->state = state;
	221	cb(s, SSL_CB_ACCEPT_LOOP, 1);
	222	s->state = new_state;
	223	}
	224	}
	225	end:
	226	s->in_handshake--;
	227	if (cb != NULL)
	228	cb(s, SSL_CB_ACCEPT_EXIT, ret);
	229	return (ret);
	230	}
	231
	232
	233	int
	234	ssl23_get_client_hello(SSL *s)
	235	{
	236	char buf_space[11]; /* Request this many bytes in initial read.
	237	* We can detect SSL 3.0/TLS 1.0 Client Hellos
	238	* ('type == 3') correctly only when the following
	239	* is in a single record, which is not guaranteed by
	240	* the protocol specification:
	241	* Byte Content
	242	* 0 type \
	243	* 1/2 version > record header
	244	* 3/4 length /
	245	* 5 msg_type \
	246	* 6-8 length > Client Hello message
	247	* 9/10 client_version /
	248	*/
	249	char *buf = &(buf_space[0]);
	250	unsigned char p, d, d_len, dd;
	251	unsigned int i;
	252	unsigned int csl, sil, cl;
	253	int n = 0, j;
	254	int type = 0;
	255	int v[2];
	256
	257	if (s->state == SSL23_ST_SR_CLNT_HELLO_A) {
	258	/* read the initial header */
	259	v[0] = v[1] = 0;
	260
	261	if (!ssl3_setup_buffers(s))
	262	goto err;
	263
	264	n = ssl23_read_bytes(s, sizeof buf_space);
	265	if (n != sizeof buf_space)
	266	return(n); /* n == -1 \|\| n == 0 */
	267
	268	p = s->packet;
	269
	270	memcpy(buf, p, n);
	271
	272	if ((p[0] & 0x80) && (p[2] == SSL2_MT_CLIENT_HELLO)) {
	273	/*
	274	* SSLv2 header
	275	*/
	276	if ((p[3] == 0x00) && (p[4] == 0x02)) {
	277	v[0] = p[3];
	278	v[1] = p[4];
	279	/* SSLv2 */
	280	if (!(s->options & SSL_OP_NO_SSLv2))
	281	type = 1;
	282	} else if (p[3] == SSL3_VERSION_MAJOR) {
	283	v[0] = p[3];
	284	v[1] = p[4];
	285	/* SSLv3/TLSv1 */
	286	if (p[4] >= TLS1_VERSION_MINOR) {
	287	if (p[4] >= TLS1_2_VERSION_MINOR &&
	288	!(s->options & SSL_OP_NO_TLSv1_2)) {
	289	s->version = TLS1_2_VERSION;
	290	s->state = SSL23_ST_SR_CLNT_HELLO_B;
	291	} else if (p[4] >= TLS1_1_VERSION_MINOR &&
	292	!(s->options & SSL_OP_NO_TLSv1_1)) {
	293	s->version = TLS1_1_VERSION;
	294	/* type=2; / / done later to survive restarts */
	295	s->state = SSL23_ST_SR_CLNT_HELLO_B;
	296	} else if (!(s->options & SSL_OP_NO_TLSv1)) {
	297	s->version = TLS1_VERSION;
	298	/* type=2; / / done later to survive restarts */
	299	s->state = SSL23_ST_SR_CLNT_HELLO_B;
	300	} else if (!(s->options & SSL_OP_NO_SSLv3)) {
	301	s->version = SSL3_VERSION;
	302	/* type=2; */
	303	s->state = SSL23_ST_SR_CLNT_HELLO_B;
	304	} else if (!(s->options & SSL_OP_NO_SSLv2)) {
	305	type = 1;
	306	}
	307	} else if (!(s->options & SSL_OP_NO_SSLv3)) {
	308	s->version = SSL3_VERSION;
	309	/* type=2; */
	310	s->state = SSL23_ST_SR_CLNT_HELLO_B;
	311	} else if (!(s->options & SSL_OP_NO_SSLv2))
	312	type = 1;
	313
	314	}
	315	} else if ((p[0] == SSL3_RT_HANDSHAKE) &&
	316	(p[1] == SSL3_VERSION_MAJOR) &&
	317	(p[5] == SSL3_MT_CLIENT_HELLO) &&
	318	((p[3] == 0 && p[4] < 5 /* silly record length? */)
	319	\|\| (p[9] >= p[1]))) {
	320	/*
	321	* SSLv3 or tls1 header
	322	*/
	323
	324	v[0] = p[1]; /* major version (= SSL3_VERSION_MAJOR) */
	325	/* We must look at client_version inside the Client Hello message
	326	* to get the correct minor version.
	327	* However if we have only a pathologically small fragment of the
	328	* Client Hello message, this would be difficult, and we'd have
	329	* to read more records to find out.
	330	* No known SSL 3.0 client fragments ClientHello like this,
	331	* so we simply assume TLS 1.0 to avoid protocol version downgrade
	332	* attacks. */
	333	if (p[3] == 0 && p[4] < 6) {
	334	#if 0
	335	SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_RECORD_TOO_SMALL);
	336	goto err;
	337	#else
	338	v[1] = TLS1_VERSION_MINOR;
	339	#endif
	340	}
	341	/* if major version number > 3 set minor to a value
	342	* which will use the highest version 3 we support.
	343	* If TLS 2.0 ever appears we will need to revise
	344	* this....
	345	*/
	346	else if (p[9] > SSL3_VERSION_MAJOR)
	347	v[1] = 0xff;
	348	else
	349	v[1] = p[10]; /* minor version according to client_version */
	350	if (v[1] >= TLS1_VERSION_MINOR) {
	351	if (v[1] >= TLS1_2_VERSION_MINOR &&
	352	!(s->options & SSL_OP_NO_TLSv1_2)) {
	353	s->version = TLS1_2_VERSION;
	354	type = 3;
	355	} else if (v[1] >= TLS1_1_VERSION_MINOR &&
	356	!(s->options & SSL_OP_NO_TLSv1_1)) {
	357	s->version = TLS1_1_VERSION;
	358	type = 3;
	359	} else if (!(s->options & SSL_OP_NO_TLSv1)) {
	360	s->version = TLS1_VERSION;
	361	type = 3;
	362	} else if (!(s->options & SSL_OP_NO_SSLv3)) {
	363	s->version = SSL3_VERSION;
	364	type = 3;
	365	}
	366	} else {
	367	/* client requests SSL 3.0 */
	368	if (!(s->options & SSL_OP_NO_SSLv3)) {
	369	s->version = SSL3_VERSION;
	370	type = 3;
	371	} else if (!(s->options & SSL_OP_NO_TLSv1)) {
	372	/* we won't be able to use TLS of course,
	373	* but this will send an appropriate alert */
	374	s->version = TLS1_VERSION;
	375	type = 3;
	376	}
	377	}
	378	}
	379	else if ((strncmp("GET ", (char *)p, 4) == 0) \|\|
	380	(strncmp("POST ",(char *)p, 5) == 0) \|\|
	381	(strncmp("HEAD ",(char *)p, 5) == 0) \|\|
	382	(strncmp("PUT ", (char *)p, 4) == 0)) {
	383	SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_HTTP_REQUEST);
	384	goto err;
	385	} else if (strncmp("CONNECT", (char *)p, 7) == 0) {
	386	SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_HTTPS_PROXY_REQUEST);
	387	goto err;
	388	}
	389	}
	390
	391	#ifdef OPENSSL_FIPS
	392	if (FIPS_mode() && (s->version < TLS1_VERSION)) {
	393	SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,
	394	SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
	395	goto err;
	396	}
	397	#endif
	398
	399	if (s->state == SSL23_ST_SR_CLNT_HELLO_B) {
	400	/* we have SSLv3/TLSv1 in an SSLv2 header
	401	* (other cases skip this state) */
	402
	403	type = 2;
	404	p = s->packet;
	405	v[0] = p[3]; /* == SSL3_VERSION_MAJOR */
	406	v[1] = p[4];
	407
	408	n = ((p[0] & 0x7f) << 8) \| p[1];
	409	if (n > (1024 * 4)) {
	410	SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_RECORD_TOO_LARGE);
	411	goto err;
	412	}
	413
	414	j = ssl23_read_bytes(s, n + 2);
	415	if (j <= 0)
	416	return (j);
	417
	418	ssl3_finish_mac(s, s->packet + 2, s->packet_length - 2);
	419	if (s->msg_callback)
	420	s->msg_callback(0, SSL2_VERSION, 0, s->packet + 2, s->packet_length-2, s, s->msg_callback_arg); /* CLIENT-HELLO */
	421
	422	p = s->packet;
	423	p += 5;
	424	n2s(p, csl);
	425	n2s(p, sil);
	426	n2s(p, cl);
	427	d = (unsigned char *)s->init_buf->data;
	428	if ((csl + sil + cl + 11) != s->packet_length) /* We can't have TLS extensions in SSL 2.0 format
	429	* Client Hello, can we ? Error condition should be
	430	* '>' otherweise */
	431	{
	432	SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_RECORD_LENGTH_MISMATCH);
	433	goto err;
	434	}
	435
	436	/* record header: msg_type ... */
	437	*(d++) = SSL3_MT_CLIENT_HELLO;
	438	/* ... and length (actual value will be written later) */
	439	d_len = d;
	440	d += 3;
	441
	442	/* client_version */
	443	(d++) = SSL3_VERSION_MAJOR; / == v[0] */
	444	*(d++) = v[1];
	445
	446	/* lets populate the random area */
	447	/* get the challenge_length */
	448	i = (cl > SSL3_RANDOM_SIZE) ? SSL3_RANDOM_SIZE : cl;
	449	memset(d, 0, SSL3_RANDOM_SIZE);
	450	memcpy(&(d[SSL3_RANDOM_SIZE - i]), &(p[csl + sil]), i);
	451	d += SSL3_RANDOM_SIZE;
	452
	453	/* no session-id reuse */
	454	*(d++) = 0;
	455
	456	/* ciphers */
	457	j = 0;
	458	dd = d;
	459	d += 2;
	460	for (i = 0; i < csl; i += 3) {
	461	if (p[i] != 0)
	462	continue;
	463	*(d++) = p[i + 1];
	464	*(d++) = p[i + 2];
	465	j += 2;
	466	}
	467	s2n(j, dd);
	468
	469	/* COMPRESSION */
	470	*(d++) = 1;
	471	*(d++) = 0;
	472
	473	#if 0
	474	/* copy any remaining data with may be extensions */
	475	p = p + csl + sil + cl;
	476	while (p < s->packet + s->packet_length) {
	477	(d++)=(p++);
	478	}
	479	#endif
	480
	481	i = (d - (unsigned char *)s->init_buf->data) - 4;
	482	l2n3((long)i, d_len);
	483
	484	/* get the data reused from the init_buf */
	485	s->s3->tmp.reuse_message = 1;
	486	s->s3->tmp.message_type = SSL3_MT_CLIENT_HELLO;
	487	s->s3->tmp.message_size = i;
	488	}
	489
	490	/* imaginary new state (for program structure): */
	491	/* s->state = SSL23_SR_CLNT_HELLO_C */
	492
	493	if (type == 1) {
	494	#ifdef OPENSSL_NO_SSL2
	495	SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_UNSUPPORTED_PROTOCOL);
	496	goto err;
	497	#else
	498	/* we are talking sslv2 */
	499	/* we need to clean up the SSLv3/TLSv1 setup and put in the
	500	* sslv2 stuff. */
	501
	502	if (s->s2 == NULL) {
	503	if (!ssl2_new(s))
	504	goto err;
	505	} else
	506	ssl2_clear(s);
	507
	508	if (s->s3 != NULL)
	509	ssl3_free(s);
	510
	511	if (!BUF_MEM_grow_clean(s->init_buf,
	512	SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)) {
	513	goto err;
	514	}
	515
	516	s->state = SSL2_ST_GET_CLIENT_HELLO_A;
	517	if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)
	518	s->s2->ssl2_rollback = 0;
	519	else
	520	/* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0
	521	* (SSL 3.0 draft/RFC 2246, App. E.2) */
	522	s->s2->ssl2_rollback = 1;
	523
	524	/* setup the n bytes we have read so we get them from
	525	* the sslv2 buffer */
	526	s->rstate = SSL_ST_READ_HEADER;
	527	s->packet_length = n;
	528	s->packet = &(s->s2->rbuf[0]);
	529	memcpy(s->packet, buf, n);
	530	s->s2->rbuf_left = n;
	531	s->s2->rbuf_offs = 0;
	532
	533	s->method = SSLv2_server_method();
	534	s->handshake_func = s->method->ssl_accept;
	535	#endif
	536	}
	537
	538	if ((type == 2) \|\| (type == 3)) {
	539	/* we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style) */
	540
	541	if (!ssl_init_wbio_buffer(s, 1)) goto err;
	542
	543	/* we are in this state */
	544	s->state = SSL3_ST_SR_CLNT_HELLO_A;
	545
	546	if (type == 3) {
	547	/* put the 'n' bytes we have read into the input buffer
	548	* for SSLv3 */
	549	s->rstate = SSL_ST_READ_HEADER;
	550	s->packet_length = n;
	551	if (s->s3->rbuf.buf == NULL)
	552	if (!ssl3_setup_read_buffer(s))
	553	goto err;
	554
	555	s->packet = &(s->s3->rbuf.buf[0]);
	556	memcpy(s->packet, buf, n);
	557	s->s3->rbuf.left = n;
	558	s->s3->rbuf.offset = 0;
	559	} else {
	560	s->packet_length = 0;
	561	s->s3->rbuf.left = 0;
	562	s->s3->rbuf.offset = 0;
	563	}
	564	if (s->version == TLS1_2_VERSION)
	565	s->method = TLSv1_2_server_method();
	566	else if (s->version == TLS1_1_VERSION)
	567	s->method = TLSv1_1_server_method();
	568	else if (s->version == TLS1_VERSION)
	569	s->method = TLSv1_server_method();
	570	else
	571	s->method = SSLv3_server_method();
	572	#if 0 /* ssl3_get_client_hello does this */
	573	s->client_version = (v[0]<<8)\|v[1];
	574	#endif
	575	s->handshake_func = s->method->ssl_accept;
	576	}
	577
	578	if ((type < 1) \|\| (type > 3)) {
	579	/* bad, very bad */
	580	SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_UNKNOWN_PROTOCOL);
	581	goto err;
	582	}
	583	s->init_num = 0;
	584
	585	if (buf != buf_space)
	586	OPENSSL_free(buf);
	587	return (SSL_accept(s));
	588	err:
	589	if (buf != buf_space)
	590	OPENSSL_free(buf);
	591	return (-1);
	592	}