fix support for receiving fragmented handshake messages

diff --git a/CHANGES b/CHANGES
index 682a4f0994fec96aea802e4b3e03e871408fc863..3607fe9f3937105a844dcc7082047b4685287815 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,11 +4,6 @@
 
  Changes between 0.9.8e and 0.9.9  [xx XXX xxxx]
 
-  *) Load error codes if they are not already present instead of using a
-     static variable. This allows them to be cleanly unloaded and reloaded.
-     Improve header file function name parsing.
-     [Steve Henson]
-
   *) Initial incomplete changes to avoid need for function casts in OpenSSL
      when OPENSSL_NO_FCAST is set: some compilers (gcc 4.2 and later) reject
      their use. Safestack is reimplemented using inline functions: tests show
@@ -423,9 +418,21 @@
 
  Changes between 0.9.8d and 0.9.8e  [XX xxx XXXX]
 
+  *) Have SSL/TLS server implementation tolerate "mismatched" record
+     protocol version while receiving ClientHello even if the
+     ClientHello is fragmented.  (The server can't insist on the
+     particular protocol version it has chosen before the ServerHello
+     message has informed the client about his choice.)
+     [Bodo Moeller]
+
   *) Add RFC 3779 support.
      [Rob Austein for ARIN, Ben Laurie]
 
+  *) Load error codes if they are not already present instead of using a
+     static variable. This allows them to be cleanly unloaded and reloaded.
+     Improve header file function name parsing.
+     [Steve Henson]
+
  Changes between 0.9.8c and 0.9.8d  [28 Sep 2006]
 
   *) Introduce limits to prevent malicious keys being able to
@@ -1430,6 +1437,19 @@
      differing sizes.
      [Richard Levitte]
 
+ Changes between 0.9.7l and 0.9.7m  [xx XXX xxxx]
+
+  *) Have SSL/TLS server implementation tolerate "mismatched" record
+     protocol version while receiving ClientHello even if the
+     ClientHello is fragmented.  (The server can't insist on the
+     particular protocol version it has chosen before the ServerHello
+     message has informed the client about his choice.)
+     [Bodo Moeller]
+
+  *) Load error codes if they are not already present instead of using a
+     static variable. This allows them to be cleanly unloaded and reloaded.
+     [Steve Henson]
+
  Changes between 0.9.7k and 0.9.7l  [28 Sep 2006]
 
   *) Introduce limits to prevent malicious keys being able to

diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index 0b099325e153da64ecb2408866a67c775026a424..8a047aeda7a29afe492f429c87e6a0615d1db88d 100644 (file)
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -573,11 +573,7 @@ again:
                n2s(p,rr->length);
 
                /* Lets check version */
-               if (s->first_packet)
-                       {
-                       s->first_packet=0;
-                       }
-               else
+               if (!s->first_packet)
                        {
                        if (version != s->version)
                                {

diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c
index 610169b3ebf0e707f8dd05dec198e812b7db014c..1181d055bb82606084b1a7092eb0a092efdec835 100644 (file)
--- a/ssl/s23_clnt.c
+++ b/ssl/s23_clnt.c
@@ -638,7 +638,6 @@ static int ssl23_get_server_hello(SSL *s)
        if (!ssl_get_new_session(s,0))
                goto err;
 
-       s->first_packet=1;
        return(SSL_connect(s));
 err:
        return(-1);

diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c
index 4da169eb31a97b7bf5348636e96becf5340f7b43..ddf5d4c3f54b9e239b89b85a8c1876629e4f9e9d 100644 (file)
--- a/ssl/s23_srvr.c
+++ b/ssl/s23_srvr.c
@@ -576,7 +576,6 @@ int ssl23_get_client_hello(SSL *s)
        s->init_num=0;
 
        if (buf != buf_space) OPENSSL_free(buf);
-       s->first_packet=1;
        return(SSL_accept(s));
 err:
        if (buf != buf_space) OPENSSL_free(buf);

diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 1d34cec324e19e89aa2b23fc21307e4dfefdafbb..6754e993c5c8d151bc3d8b19404ba1916fbd0ce5 100644 (file)
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -307,11 +307,7 @@ fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length);
 #endif
 
                /* Lets check version */
-               if (s->first_packet)
-                       {
-                       s->first_packet=0;
-                       }
-               else
+               if (!s->first_packet)
                        {
                        if (version != s->version)
                                {

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index a83f8ac763feb0aadde12023ca95475055945064..f776dc0625925d64677a023878951209c6aaee62 100644 (file)
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -715,9 +715,9 @@ int ssl3_get_client_hello(SSL *s)
         */
        if (s->state == SSL3_ST_SR_CLNT_HELLO_A)
                {
-               s->first_packet=1;
                s->state=SSL3_ST_SR_CLNT_HELLO_B;
                }
+       s->first_packet=1;
        n=s->method->ssl_get_message(s,
                SSL3_ST_SR_CLNT_HELLO_B,
                SSL3_ST_SR_CLNT_HELLO_C,
@@ -726,6 +726,7 @@ int ssl3_get_client_hello(SSL *s)
                &ok);
 
        if (!ok) return((int)n);
+       s->first_packet=0;
        d=p=(unsigned char *)s->init_msg;
 
        /* use version from inside client hello, not from record header