authorMatt Caswell <matt@openssl.org>2015-04-24 15:05:27 +0100
committerMatt Caswell <matt@openssl.org>2015-05-16 09:20:52 +0100
commitd45ba43dab962bdc84158efc0cdddd5f5a08cf5e (patch)
treee79e390a6badf2ba24c3c973cbc62d7e65b14e4b /ssl/record
parenta27e81ee54112d8db40e409f45f1e9b88ccbf6b1 (diff)
Updates following review comments
Miscellaneous updates following review comments on the version negotiation rewrite patches. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Diffstat (limited to 'ssl/record')
-rw-r--r--ssl/record/rec_layer_s3.c9
-rw-r--r--ssl/record/ssl3_record.c41
2 files changed, 21 insertions, 29 deletions
diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
index c20af880e3..456fac46d0 100644
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -1124,7 +1124,7 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
goto f_err;
}
- if(s->version == TLS_ANY_VERSION
+ if(s->method->version == TLS_ANY_VERSION
&& (s->server || rr->type != SSL3_RT_ALERT)) {
/*
* If we've got this far and still haven't decided on what version
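Review bot: The condition now keys the "version not yet decided" test on `s->method->version` instead of `s->version`, but the comment that follows (cut off at the hunk edge) only says the version is undecided without naming which field carries that state, so a reader comparing this with the `version != s->version` check in ssl3_get_record has to work out why the two tests look at different fields. A short addition such as `/* s->method->version stays TLS_ANY_VERSION until a version is negotiated; s->version alone does not tell us that */` would tie the two together — assuming that is the distinction, which the hunk itself does not show. ssl3_read_bytes starts and ends outside this hunk.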
@@ -1493,11 +1493,18 @@ void ssl3_record_sequence_update(unsigned char *seq)
}
}
+/*
+ * Returns true if the current rrec was sent in SSLv2 backwards compatible
+ * format and false otherwise.
+ */
int RECORD_LAYER_is_sslv2_record(RECORD_LAYER *rl)
{
return SSL3_RECORD_is_sslv2_record(&rl->rrec);
}
+/*
+ * Returns the length in bytes of the current rrec
+ */
int RECORD_LAYER_get_rrec_length(RECORD_LAYER *rl)
{
return SSL3_RECORD_get_length(&rl->rrec);
diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c
index ff09f0b16a..b0eb7cce92 100644
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@@ -220,16 +220,13 @@ int ssl3_get_record(SSL *s)
/*
* Check whether this is a regular record or an SSLv2 style record. The
- * latter is only used in an initial ClientHello for old clients.
+ * latter is only used in an initial ClientHello for old clients. We
+ * check s->read_hash and s->enc_read_ctx to ensure this does not apply
+ * during renegotiation
*/
if (s->first_packet && s->server && !s->read_hash && !s->enc_read_ctx
&& (p[0] & 0x80) && (p[2] == SSL2_MT_CLIENT_HELLO)) {
/* SSLv2 style record */
- if (s->msg_callback)
- s->msg_callback(0, SSL2_VERSION, 0, p + 2,
- RECORD_LAYER_get_packet_length(&s->rlayer) - 2,
- s, s->msg_callback_arg);
-
rr->type = SSL3_RT_HANDSHAKE;
rr->rec_version = SSL2_VERSION;
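Review bot: Removing the `s->msg_callback` invocation from the SSLv2-style record branch means an application that registered a message callback no longer sees the SSLv2-compatible ClientHello from the record layer, and nothing in this hunk issues it anywhere else. The old call reported `RECORD_LAYER_get_packet_length(&s->rlayer) - 2` bytes from `p + 2` at a point where, judging by the later `ssl3_read_n` of the record body in the same function, only the header may have been buffered, so this may be a fix for a misreported length rather than a regression — but the commit message does not say, and it is worth confirming the callback still fires once the whole ClientHello is available. A one-line comment at the removal site, e.g. `/* msg_callback for an SSLv2 ClientHello is issued once the full message has been read */`, would make the intent explicit if that is where it now lives. ssl3_get_record begins and ends outside this hunk.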
@@ -262,19 +259,16 @@ int ssl3_get_record(SSL *s)
n2s(p, rr->length);
/* Lets check version */
- if (!s->first_packet) {
- if (version != s->version
- && s->method->version != TLS_ANY_VERSION) {
- SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_WRONG_VERSION_NUMBER);
- if ((s->version & 0xFF00) == (version & 0xFF00)
- && !s->enc_write_ctx && !s->write_hash)
- /*
- * Send back error using their minor version number :-)
- */
- s->version = (unsigned short)version;
- al = SSL_AD_PROTOCOL_VERSION;
- goto f_err;
- }
+ if (!s->first_packet && version != s->version) {
+ SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_WRONG_VERSION_NUMBER);
+ if ((s->version & 0xFF00) == (version & 0xFF00)
+ && !s->enc_write_ctx && !s->write_hash)
+ /*
+ * Send back error using their minor version number :-)
+ */
+ s->version = (unsigned short)version;
+ al = SSL_AD_PROTOCOL_VERSION;
+ goto f_err;
}
if ((version >> 8) != SSL3_VERSION_MAJOR) {
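Review bot: The re-indented error path still leaves `s->version = (unsigned short)version;` as an unbraced `if` body separated from its condition by a four-line comment, which is precisely the layout that hides a mis-scoped statement; write it as `if ((s->version & 0xFF00) == (version & 0xFF00) && !s->enc_write_ctx && !s->write_hash) { s->version = (unsigned short)version; }` with the comment moved inside the braces. That assignment also lets a peer steer `s->version` to any minor version of the same major from a record header, fenced only by the write cipher not yet being active — pre-existing, but since the existing comment says it is done to send the alert with the peer's version, a note that the value must not be relied on for anything else would be useful. Semantically, dropping the `s->method->version != TLS_ANY_VERSION` exemption means a record arriving after the first packet but before a version has been chosen is now refused on any mismatch with `s->version`; if a ClientHello can span more than one record, confirm that `s->first_packet` or `s->version` is maintained so the continuation record is not rejected. ssl3_get_record begins and ends outside this hunk.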
@@ -309,15 +303,6 @@ int ssl3_get_record(SSL *s)
n = ssl3_read_n(s, i, i, 1);
if (n <= 0)
return (n); /* error or non-blocking io */
- /*
- * now n == rr->length, and
- * s->packet_length == SSL3_RT_HEADER_LENGTH + rr->length
- * or
- * s->packet_length == SSL2_RT_HEADER_LENGTH + rr->length
- * (if SSLv2 packet)
- */
- } else {
- n = 0;
}
/* set state for later operations */
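Review bot: With the `else { n = 0; }` arm deleted, `n` is assigned only when the record body still has to be fetched through `ssl3_read_n`; if any code later in ssl3_get_record (outside this hunk) still reads `n` on the already-buffered path it now sees an indeterminate value, which is undefined behaviour in C, so please confirm `n` has no remaining use after this `if` or narrow its declaration into the branch. The deleted comment recorded the invariant `s->packet_length == SSL3_RT_HEADER_LENGTH + rr->length` (or the SSLv2 header length), which is presumably what the following code relies on; a one-line form such as `/* the packet now holds the full header plus rr->length bytes of body */` is worth keeping at the close of the `if`. ssl3_get_record continues past the end of this hunk.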