Revision aa3b4b4d deps/openssl/openssl/ssl/s23_srvr.c
deps/openssl/openssl/ssl/s23_srvr.c | ||
---|---|---|
348 | 348 |
* Client Hello message, this would be difficult, and we'd have |
349 | 349 |
* to read more records to find out. |
350 | 350 |
* No known SSL 3.0 client fragments ClientHello like this, |
351 |
* so we simply assume TLS 1.0 to avoid protocol version downgrade
|
|
352 |
* attacks. */ |
|
351 |
* so we simply reject such connections to avoid
|
|
352 |
* protocol version downgrade attacks. */
|
|
353 | 353 |
if (p[3] == 0 && p[4] < 6) |
354 | 354 |
{ |
355 |
#if 0 |
|
356 | 355 |
SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_SMALL); |
357 | 356 |
goto err; |
358 |
#else |
|
359 |
v[1] = TLS1_VERSION_MINOR; |
|
360 |
#endif |
|
361 | 357 |
} |
362 | 358 |
/* if major version number > 3 set minor to a value |
363 | 359 |
* which will use the highest version 3 we support. |
364 | 360 |
* If TLS 2.0 ever appears we will need to revise |
365 | 361 |
* this.... |
366 | 362 |
*/ |
367 |
else if (p[9] > SSL3_VERSION_MAJOR)
|
|
363 |
if (p[9] > SSL3_VERSION_MAJOR) |
|
368 | 364 |
v[1]=0xff; |
369 | 365 |
else |
370 | 366 |
v[1]=p[10]; /* minor version according to client_version */ |
... | ... | |
444 | 440 |
v[0] = p[3]; /* == SSL3_VERSION_MAJOR */ |
445 | 441 |
v[1] = p[4]; |
446 | 442 |
|
443 |
/* An SSLv3/TLSv1 backwards-compatible CLIENT-HELLO in an SSLv2 |
|
444 |
* header is sent directly on the wire, not wrapped as a TLS |
|
445 |
* record. It's format is: |
|
446 |
* Byte Content |
|
447 |
* 0-1 msg_length |
|
448 |
* 2 msg_type |
|
449 |
* 3-4 version |
|
450 |
* 5-6 cipher_spec_length |
|
451 |
* 7-8 session_id_length |
|
452 |
* 9-10 challenge_length |
|
453 |
* ... ... |
|
454 |
*/ |
|
447 | 455 |
n=((p[0]&0x7f)<<8)|p[1]; |
448 | 456 |
if (n > (1024*4)) |
449 | 457 |
{ |
450 | 458 |
SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_LARGE); |
451 | 459 |
goto err; |
452 | 460 |
} |
461 |
if (n < 9) |
|
462 |
{ |
|
463 |
SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_LENGTH_MISMATCH); |
|
464 |
goto err; |
|
465 |
} |
|
453 | 466 |
|
454 | 467 |
j=ssl23_read_bytes(s,n+2); |
468 |
/* We previously read 11 bytes, so if j > 0, we must have |
|
469 |
* j == n+2 == s->packet_length. We have at least 11 valid |
|
470 |
* packet bytes. */ |
|
455 | 471 |
if (j <= 0) return(j); |
456 | 472 |
|
457 | 473 |
ssl3_finish_mac(s, s->packet+2, s->packet_length-2); |
Also available in: Unified diff