From cb0369d885c9df71f7fbd791ded0f706212f1f4c Mon Sep 17 00:00:00 2001
From: =?utf8?q?Bodo=20M=C3=B6ller?= <bodo@openssl.org>
Date: Fri, 10 Sep 1999 16:41:01 +0000
Subject: [PATCH] Repair another bug in s23_get_client_hello: tls1 did not
survive to restarts, so get rid of it.
---
ssl/s23_srvr.c | 39 ++++++++++++++++++---------------------
ssl/ssltest.c | 2 +-
test/testssl | 2 +-
3 files changed, 20 insertions(+), 23 deletions(-)
diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c
index 94d593f09f..8a3bc2ea1f 100644
--- a/ssl/s23_srvr.c
+++ b/ssl/s23_srvr.c
@@ -191,7 +191,7 @@ int ssl23_get_client_hello(SSL *s)
unsigned char *p,*d,*dd;
unsigned int i;
unsigned int csl,sil,cl;
- int n=0,j,tls1=0;
+ int n=0,j;
int type=0,use_sslv2_strong=0;
int v[2];
@@ -229,12 +229,13 @@ int ssl23_get_client_hello(SSL *s)
{
if (!(s->options & SSL_OP_NO_TLSv1))
{
- tls1=1;
+ s->version=TLS1_VERSION;
/* type=2; */ /* done later to survive restarts */
s->state=SSL23_ST_SR_CLNT_HELLO_B;
}
else if (!(s->options & SSL_OP_NO_SSLv3))
{
+ s->version=SSL3_VERSION;
/* type=2; */
s->state=SSL23_ST_SR_CLNT_HELLO_B;
}
@@ -245,6 +246,7 @@ int ssl23_get_client_hello(SSL *s)
}
else if (!(s->options & SSL_OP_NO_SSLv3))
{
+ s->version=SSL3_VERSION;
/* type=2; */
s->state=SSL23_ST_SR_CLNT_HELLO_B;
}
@@ -329,11 +331,14 @@ int ssl23_get_client_hello(SSL *s)
{
if (!(s->options & SSL_OP_NO_TLSv1))
{
+ s->version=TLS1_VERSION;
type=3;
- tls1=1;
}
else if (!(s->options & SSL_OP_NO_SSLv3))
+ {
+ s->version=SSL3_VERSION;
type=3;
+ }
}
else if (!(s->options & SSL_OP_NO_SSLv3))
type=3;
@@ -356,12 +361,14 @@ int ssl23_get_client_hello(SSL *s)
next_bit:
if (s->state == SSL23_ST_SR_CLNT_HELLO_B)
{
- /* we have a SSLv3/TLSv1 in a SSLv2 header
- * (other cases skip this state)* */
+ /* we have SSLv3/TLSv1 in an SSLv2 header
+ * (other cases skip this state) */
+
type=2;
p=s->packet;
- v[0] = p[3];
+ v[0] = p[3]; /* == SSL3_VERSION_MAJOR */
v[1] = p[4];
+
n=((p[0]&0x7f)<<8)|p[1];
if (n > (1024*4))
{
@@ -386,11 +393,8 @@ next_bit:
goto err;
}
- *(d++)=SSL3_VERSION_MAJOR;
- if (tls1)
- *(d++)=TLS1_VERSION_MINOR;
- else
- *(d++)=SSL3_VERSION_MINOR;
+ *(d++) = SSL3_VERSION_MAJOR; /* == v[0] */
+ *(d++) = v[1];
/* lets populate the random area */
/* get the chalenge_length */
@@ -499,16 +503,10 @@ next_bit:
s->s3->rbuf.offset=0;
}
- if (tls1)
- {
- s->version=TLS1_VERSION;
- s->method=TLSv1_server_method();
- }
+ if (s->version == TLS1_VERSION)
+ s->method = TLSv1_server_method();
else
- {
- s->version=SSL3_VERSION;
- s->method=SSLv3_server_method();
- }
+ s->method = SSLv3_server_method();
#if 0 /* ssl3_get_client_hello does this */
s->client_version=(v[0]<<8)|v[1];
#endif
@@ -530,4 +528,3 @@ err:
if (buf != buf_space) Free(buf);
return(-1);
}
-
diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index bebe726192..5c6508efcf 100644
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -727,7 +727,7 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count)
num = INT_MAX;
if (num > 1)
- --num; /* for testing restartability even more thoroughly */
+ --num; /* test restartability even more thoroughly */
r = BIO_nwrite(io1, &dataptr, (int)num);
assert(r > 0);
diff --git a/test/testssl b/test/testssl
index 5a76bdf778..1d04b939f3 100644
--- a/test/testssl
+++ b/test/testssl
@@ -64,7 +64,7 @@ echo test sslv2/sslv3 via BIO pair
./ssltest || exit 1
echo test sslv2/sslv3 w/o DHE via BIO pair
-./ssltest -no_dhe || exit 1
+./ssltest -bio_pair -no_dhe || exit 1
echo test sslv2/sslv3 with server authentication
./ssltest -bio_pair -server_auth -CApath ../certs || exit 1
--
2.25.1