summaryrefslogtreecommitdiff
path: root/src/lib/libssl/s3_srvr.c
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libssl/s3_srvr.c25
1 files changed, 18 insertions, 7 deletions
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index c6d340026a..28f0fc486a 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_srvr.c,v 1.153 2017/01/24 14:57:31 jsing Exp $ */ 1/* $OpenBSD: s3_srvr.c,v 1.154 2017/01/26 05:31:25 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -730,6 +730,8 @@ ssl3_get_client_hello(SSL *s)
730 SSL_CIPHER *c; 730 SSL_CIPHER *c;
731 STACK_OF(SSL_CIPHER) *ciphers = NULL; 731 STACK_OF(SSL_CIPHER) *ciphers = NULL;
732 unsigned long alg_k; 732 unsigned long alg_k;
733 const SSL_METHOD *method;
734 uint16_t shared_version;
733 735
734 /* 736 /*
735 * We do this so that we will respond with our native type. 737 * We do this so that we will respond with our native type.
@@ -741,6 +743,7 @@ ssl3_get_client_hello(SSL *s)
741 if (s->internal->state == SSL3_ST_SR_CLNT_HELLO_A) { 743 if (s->internal->state == SSL3_ST_SR_CLNT_HELLO_A) {
742 s->internal->state = SSL3_ST_SR_CLNT_HELLO_B; 744 s->internal->state = SSL3_ST_SR_CLNT_HELLO_B;
743 } 745 }
746
744 s->internal->first_packet = 1; 747 s->internal->first_packet = 1;
745 n = s->method->internal->ssl_get_message(s, SSL3_ST_SR_CLNT_HELLO_B, 748 n = s->method->internal->ssl_get_message(s, SSL3_ST_SR_CLNT_HELLO_B,
746 SSL3_ST_SR_CLNT_HELLO_C, SSL3_MT_CLIENT_HELLO, 749 SSL3_ST_SR_CLNT_HELLO_C, SSL3_MT_CLIENT_HELLO,
@@ -749,6 +752,7 @@ ssl3_get_client_hello(SSL *s)
749 if (!ok) 752 if (!ok)
750 return ((int)n); 753 return ((int)n);
751 s->internal->first_packet = 0; 754 s->internal->first_packet = 0;
755
752 d = p = (unsigned char *)s->internal->init_msg; 756 d = p = (unsigned char *)s->internal->init_msg;
753 757
754 if (2 > n) 758 if (2 > n)
@@ -760,21 +764,28 @@ ssl3_get_client_hello(SSL *s)
760 s->client_version = (((int)p[0]) << 8)|(int)p[1]; 764 s->client_version = (((int)p[0]) << 8)|(int)p[1];
761 p += 2; 765 p += 2;
762 766
763 if ((s->version == DTLS1_VERSION && s->client_version > s->version) || 767 if (ssl_max_shared_version(s, s->client_version, &shared_version) != 1) {
764 (s->version != DTLS1_VERSION && s->client_version < s->version)) { 768 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER);
765 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
766 SSL_R_WRONG_VERSION_NUMBER);
767 if ((s->client_version >> 8) == SSL3_VERSION_MAJOR && 769 if ((s->client_version >> 8) == SSL3_VERSION_MAJOR &&
768 !s->internal->enc_write_ctx && !s->internal->write_hash) { 770 !s->internal->enc_write_ctx && !s->internal->write_hash) {
769 /* 771 /*
770 * Similar to ssl3_get_record, send alert using remote 772 * Similar to ssl3_get_record, send alert using remote
771 * version number 773 * version number.
772 */ 774 */
773 s->version = s->client_version; 775 s->version = s->client_version;
774 } 776 }
775 al = SSL_AD_PROTOCOL_VERSION; 777 al = SSL_AD_PROTOCOL_VERSION;
776 goto f_err; 778 goto f_err;
777 } 779 }
780 s->version = shared_version;
781
782 if ((method = tls1_get_server_method(shared_version)) == NULL)
783 method = dtls1_get_server_method(shared_version);
784 if (method == NULL) {
785 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
786 goto err;
787 }
788 s->method = method;
778 789
779 /* 790 /*
780 * If we require cookies (DTLS) and this ClientHello doesn't 791 * If we require cookies (DTLS) and this ClientHello doesn't
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-09 10:14:35 +0000