From cb0369d885c9df71f7fbd791ded0f706212f1f4c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Fri, 10 Sep 1999 16:41:01 +0000 Subject: [PATCH] Repair another bug in s23_get_client_hello: tls1 did not survive to restarts, so get rid of it. --- ssl/s23_srvr.c | 39 ++++++++++++++++++--------------------- ssl/ssltest.c | 2 +- test/testssl | 2 +- 3 files changed, 20 insertions(+), 23 deletions(-) diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c index 94d593f09f..8a3bc2ea1f 100644 --- a/ssl/s23_srvr.c +++ b/ssl/s23_srvr.c @@ -191,7 +191,7 @@ int ssl23_get_client_hello(SSL *s) unsigned char *p,*d,*dd; unsigned int i; unsigned int csl,sil,cl; - int n=0,j,tls1=0; + int n=0,j; int type=0,use_sslv2_strong=0; int v[2]; @@ -229,12 +229,13 @@ int ssl23_get_client_hello(SSL *s) { if (!(s->options & SSL_OP_NO_TLSv1)) { - tls1=1; + s->version=TLS1_VERSION; /* type=2; */ /* done later to survive restarts */ s->state=SSL23_ST_SR_CLNT_HELLO_B; } else if (!(s->options & SSL_OP_NO_SSLv3)) { + s->version=SSL3_VERSION; /* type=2; */ s->state=SSL23_ST_SR_CLNT_HELLO_B; } @@ -245,6 +246,7 @@ int ssl23_get_client_hello(SSL *s) } else if (!(s->options & SSL_OP_NO_SSLv3)) { + s->version=SSL3_VERSION; /* type=2; */ s->state=SSL23_ST_SR_CLNT_HELLO_B; } @@ -329,11 +331,14 @@ int ssl23_get_client_hello(SSL *s) { if (!(s->options & SSL_OP_NO_TLSv1)) { + s->version=TLS1_VERSION; type=3; - tls1=1; } else if (!(s->options & SSL_OP_NO_SSLv3)) + { + s->version=SSL3_VERSION; type=3; + } } else if (!(s->options & SSL_OP_NO_SSLv3)) type=3; @@ -356,12 +361,14 @@ int ssl23_get_client_hello(SSL *s) next_bit: if (s->state == SSL23_ST_SR_CLNT_HELLO_B) { - /* we have a SSLv3/TLSv1 in a SSLv2 header - * (other cases skip this state)* */ + /* we have SSLv3/TLSv1 in an SSLv2 header + * (other cases skip this state) */ + type=2; p=s->packet; - v[0] = p[3]; + v[0] = p[3]; /* == SSL3_VERSION_MAJOR */ v[1] = p[4]; + n=((p[0]&0x7f)<<8)|p[1]; if (n > (1024*4)) { 
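Review bot: In the hunk at -329/+331 the trailing `else if (!(s->options & SSL_OP_NO_SSLv3)) type=3;` branch still sets only `type` and never assigns `s->version`, unlike the two branches above it that this commit updates. With `tls1` gone, the method choice in the later hunk at -499/+503 (`if (s->version == TLS1_VERSION) ... else ...`) depends on whatever `s->version` held when the function was entered, which the hunk does not show. If that initial value is `TLS1_VERSION`, a client that offered only SSLv3 would be handed the TLSv1 method. I would make the branch match its siblings: `{ s->version=SSL3_VERSION; type=3; }`. The enclosing function starts and ends outside this hunk, so the surrounding version checks should be confirmed against the full file.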
@@ -386,11 +393,8 @@ next_bit: goto err; } - *(d++)=SSL3_VERSION_MAJOR; - if (tls1) - *(d++)=TLS1_VERSION_MINOR; - else - *(d++)=SSL3_VERSION_MINOR; + *(d++) = SSL3_VERSION_MAJOR; /* == v[0] */ + *(d++) = v[1]; /* lets populate the random area */ /* get the chalenge_length */ @@ -499,16 +503,10 @@ next_bit: s->s3->rbuf.offset=0; } - if (tls1) - { - s->version=TLS1_VERSION; - s->method=TLSv1_server_method(); - } + if (s->version == TLS1_VERSION) + s->method = TLSv1_server_method(); else - { - s->version=SSL3_VERSION; - s->method=SSLv3_server_method(); - } + s->method = SSLv3_server_method(); #if 0 /* ssl3_get_client_hello does this */ s->client_version=(v[0]<<8)|v[1]; #endif @@ -530,4 +528,3 @@ err: if (buf != buf_space) Free(buf); return(-1); } - diff --git a/ssl/ssltest.c b/ssl/ssltest.c index bebe726192..5c6508efcf 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -727,7 +727,7 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count) num = INT_MAX; if (num > 1) - --num; /* for testing restartability even more thoroughly */ + --num; /* test restartability even more thoroughly */ r = BIO_nwrite(io1, &dataptr, (int)num); assert(r > 0); diff --git a/test/testssl b/test/testssl index 5a76bdf778..1d04b939f3 100644 --- a/test/testssl +++ b/test/testssl @@ -64,7 +64,7 @@ echo test sslv2/sslv3 via BIO pair ./ssltest || exit 1 echo test sslv2/sslv3 w/o DHE via BIO pair -./ssltest -no_dhe || exit 1 +./ssltest -bio_pair -no_dhe || exit 1 echo test sslv2/sslv3 with server authentication ./ssltest -bio_pair -server_auth -CApath ../certs || exit 1 -- GitLab
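Review bot: `*(d++) = v[1];` in the hunk at -386/+393 writes the minor version byte taken from the client's record (`v[1] = p[4]` in the preceding hunk) independently of the `s->version` the server selected, and nothing in the hunk says this is deliberate. The two values can presumably differ, for example when `SSL_OP_NO_TLSv1` forces `SSL3_VERSION` for a client that offered a higher minor version. A comment would keep a later maintainer from changing it back to a value derived from `s->version`: `/* client's offered minor version, copied as received; may be higher than s->version */`. The `/* == v[0] */` remark likewise relies on a check of `p[3]` that is made outside these hunks.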