Fix horrible (and hard to track down) bug in ssl23_get_client_hello:

In case of a restart, v[0] and v[1] were incorrectly initialised. This was interpreted by ssl3_get_client_key_exchange as an RSA decryption failure (don't ask me why) and caused it to create a _random_ master key instead (even weirder), which obviously led to incorrect input to ssl3_generate_master_secret and thus caused "block cipher pad is wrong" error messages from ssl3_enc for the client's Finished message. Arrgh.
1999-08-18 17:14:42 +00:00
parent 6e4a3b5529
commit de1915e48c
3 changed files with 13 additions and 2 deletions
--- a/ssl/s23_srvr.c
+++ b/ssl/s23_srvr.c
@@ -195,10 +195,11 @@ int ssl23_get_client_hello(SSL *s)
 	int type=0,use_sslv2_strong=0;
 	int v[2];

-	/* read the initial header */
-	v[0]=v[1]=0;
 	if (s->state ==	SSL23_ST_SR_CLNT_HELLO_A)
 		{
+		/* read the initial header */
+		v[0]=v[1]=0;
+
 		if (!ssl3_setup_buffers(s)) goto err;

 		n=ssl23_read_bytes(s,7);
@@ -244,6 +245,7 @@ int ssl23_get_client_hello(SSL *s)
 					type=1;

 				if (s->options & SSL_OP_NON_EXPORT_FIRST)
+					/* not only confusing, but broken! */
 					{
 					STACK_OF(SSL_CIPHER) *sk;
 					SSL_CIPHER *c;
@@ -337,6 +339,8 @@ next_bit:
 		/* we have a SSLv3/TLSv1 in a SSLv2 header */
 		type=2;
 		p=s->packet;
+		v[0] = p[3];
+		v[1] = p[4];
 		n=((p[0]&0x7f)<<8)|p[1];
 		if (n > (1024*4))
 			{