fix support for receiving fragmented handshake messages

2006-11-29 14:45:50 +00:00 · 2006-11-29 14:45:50 +00:00 · 1e24b3a09e
commit 1e24b3a09e
parent 73b979e601
6 changed files with 29 additions and 18 deletions
--- a/30
+++ b/30
@ -4,11 +4,6 @@

 Changes between 0.9.8e and 0.9.9  [xx XXX xxxx]

-  *) Load error codes if they are not already present instead of using a
-     static variable. This allows them to be cleanly unloaded and reloaded.
-     Improve header file function name parsing.
-     [Steve Henson]
-
  *) Initial incomplete changes to avoid need for function casts in OpenSSL
     when OPENSSL_NO_FCAST is set: some compilers (gcc 4.2 and later) reject
     their use. Safestack is reimplemented using inline functions: tests show
@ -423,9 +418,21 @@

 Changes between 0.9.8d and 0.9.8e  [XX xxx XXXX]

+  *) Have SSL/TLS server implementation tolerate "mismatched" record
+     protocol version while receiving ClientHello even if the
+     ClientHello is fragmented.  (The server can't insist on the
+     particular protocol version it has chosen before the ServerHello
+     message has informed the client about his choice.)
+     [Bodo Moeller]
+
  *) Add RFC 3779 support.
     [Rob Austein for ARIN, Ben Laurie]

+  *) Load error codes if they are not already present instead of using a
+     static variable. This allows them to be cleanly unloaded and reloaded.
+     Improve header file function name parsing.
+     [Steve Henson]
+
 Changes between 0.9.8c and 0.9.8d  [28 Sep 2006]

  *) Introduce limits to prevent malicious keys being able to
@ -1430,6 +1437,19 @@
     differing sizes.
     [Richard Levitte]

+ Changes between 0.9.7l and 0.9.7m  [xx XXX xxxx]
+
+  *) Have SSL/TLS server implementation tolerate "mismatched" record
+     protocol version while receiving ClientHello even if the
+     ClientHello is fragmented.  (The server can't insist on the
+     particular protocol version it has chosen before the ServerHello
+     message has informed the client about his choice.)
+     [Bodo Moeller]
+
+  *) Load error codes if they are not already present instead of using a
+     static variable. This allows them to be cleanly unloaded and reloaded.
+     [Steve Henson]
+
 Changes between 0.9.7k and 0.9.7l  [28 Sep 2006]

  *) Introduce limits to prevent malicious keys being able to
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@ -573,11 +573,7 @@ again:
 		n2s(p,rr->length);

 		/* Lets check version */
-		if (s->first_packet)
-			{
-			s->first_packet=0;
-			}
-		else
+		if (!s->first_packet)
 			{
 			if (version != s->version)
 				{
--- a/ssl/s23_clnt.c
+++ b/ssl/s23_clnt.c
@ -638,7 +638,6 @@ static int ssl23_get_server_hello(SSL *s)
 	if (!ssl_get_new_session(s,0))
 		goto err;

-	s->first_packet=1;
 	return(SSL_connect(s));
 err:
 	return(-1);
--- a/ssl/s23_srvr.c
+++ b/ssl/s23_srvr.c
@ -576,7 +576,6 @@ int ssl23_get_client_hello(SSL *s)
 	s->init_num=0;

 	if (buf != buf_space) OPENSSL_free(buf);
-	s->first_packet=1;
 	return(SSL_accept(s));
 err:
 	if (buf != buf_space) OPENSSL_free(buf);
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@ -307,11 +307,7 @@ fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length);
 #endif

 		/* Lets check version */
-		if (s->first_packet)
-			{
-			s->first_packet=0;
-			}
-		else
+		if (!s->first_packet)
 			{
 			if (version != s->version)
 				{
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@ -715,9 +715,9 @@ int ssl3_get_client_hello(SSL *s)
 	 */
 	if (s->state == SSL3_ST_SR_CLNT_HELLO_A)
 		{
-		s->first_packet=1;
 		s->state=SSL3_ST_SR_CLNT_HELLO_B;
 		}
+	s->first_packet=1;
 	n=s->method->ssl_get_message(s,
 		SSL3_ST_SR_CLNT_HELLO_B,
 		SSL3_ST_SR_CLNT_HELLO_C,
@ -726,6 +726,7 @@ int ssl3_get_client_hello(SSL *s)
 		&ok);

 	if (!ok) return((int)n);
+	s->first_packet=0;
 	d=p=(unsigned char *)s->init_msg;

 	/* use version from inside client hello, not from record header