From 13c9bb3ecec5f847b4c5295249e039d386e2d10e Mon Sep 17 00:00:00 2001
From: Matt Caswell
Date: Tue, 31 Mar 2015 00:18:31 +0100
Subject: Client side version negotiation rewrite

Continuing from the previous commit this changes the way we do client side version negotiation. Similarly all of the s23* "up front" state machine code has been avoided and again things now work much the same way as they already did for DTLS, i.e. we just do most of the work in the ssl3_get_server_hello() function.

Reviewed-by: Kurt Roeckx
---
 ssl/record/rec_layer_s3.c | 14 ++++++++++++++
 ssl/record/ssl3_record.c | 3 ++-
 2 files changed, 16 insertions(+), 1 deletion(-)

(limited to 'ssl/record')

diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
index 97f6e900c5..c20af880e3 100644
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -1124,6 +1124,20 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
         goto f_err;
     }

+    if(s->version == TLS_ANY_VERSION && (s->server || rr->type != SSL3_RT_ALERT)) {
+        /*
+         * If we've got this far and still haven't decided on what version
+         * we're using then this must be a client side alert we're dealing with
+         * (we don't allow heartbeats yet). We shouldn't be receiving anything
+         * other than a ClientHello if we are a server.
+         */
+        s->version = rr->rec_version;
+        al = SSL_AD_UNEXPECTED_MESSAGE;
+        SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_MESSAGE);
+        goto f_err;
+    }
+
     /*
      * In case of record types for which we have 'fragment' storage, fill
      * that so that we can process the data at a fixed place.
diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c
index 190abd26e8..ff09f0b16a 100644
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
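Review bot: The comment inside the new `if` block in ssl3_read_bytes describes the case the condition lets through (an alert arriving on the client side) rather than the case the block rejects, so a reader has to invert it to understand the error path; I'd reword it to say that, with the version still undecided, the only record accepted at this point is a client-side alert, and everything else — and anything at all on the server — is unexpected. The assignment `s->version = rr->rec_version;` also needs a one-line why-comment, because on its own it reads as adopting the peer's version: presumably it exists so the alert sent from f_err carries a concrete version rather than TLS_ANY_VERSION, e.g. `/* take the peer's record version only so the alert we send below is well-formed */` — worth confirming against the alert write path, which is outside this hunk. Since `rr->rec_version` is peer-controlled, the comment should make clear that nothing on this path may treat `s->version` as negotiated; the immediate `goto f_err` keeps that true today. Style-wise `if(` should be `if (` to match the surrounding code. The body of ssl3_read_bytes starts and ends outside the hunk.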
@@ -263,7 +263,8 @@ int ssl3_get_record(SSL *s)

     /* Lets check version */
     if (!s->first_packet) {
-        if (version != s->version) {
+        if (version != s->version
+                && s->method->version != TLS_ANY_VERSION) {
             SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_WRONG_VERSION_NUMBER);
             if ((s->version & 0xFF00) == (version & 0xFF00) && !s->enc_write_ctx && !s->write_hash)
-- cgit v1.2.3
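Review bot: The new guard in ssl3_get_record keys the record-version check on `s->method->version`, not on the connection's `s->version`, so with a TLS_ANY_VERSION method the per-record version comparison is skipped for every non-first record, not only for those that arrive before the ServerHello fixes the version. That is fine if `s->method` is swapped to the version-specific method once negotiation completes, but that happens outside this hunk (in ssl3_get_server_hello, going by the commit message) and nothing here records the dependency; the alternative `&& s->version != TLS_ANY_VERSION` would tie the bypass to the per-connection state directly and restore record-version checking as soon as a version is chosen. At minimum I'd add above the condition: `/* No record version check until negotiation has finished; relies on s->method being replaced by the negotiated version's method afterwards. */`. The fallback that follows (matching major version, no write cipher yet) continues past the end of the hunk.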