diff options
| author | David Benjamin <davidben@chromium.org> | 2014-12-11 11:26:22 +0300 |
|---|---|---|
| committer | Adam Langley <agl@google.com> | 2014-12-14 01:39:46 +0300 |
| commit | 9ec6bcaebed8290e537743b9070588bfc5fbe120 (patch) | |
| tree | 7e54fbe796213e6483d131c5103cb285265e6cac /ssl/s3_srvr.c | |
| parent | e99e912bea854910c56301985afc3e72dcfe0404 (diff) | |
Remove method swap in DTLS_ANY_VERSION.
DTLS_method() can now negotiate versions without switching methods.
Change-Id: I0655b3221b6e7e4b3ed4acc45f1f41c594447021
Reviewed-on: https://boringssl-review.googlesource.com/2582
Reviewed-by: Adam Langley <agl@google.com>
Diffstat (limited to 'ssl/s3_srvr.c')
| -rw-r--r-- | ssl/s3_srvr.c | 56 |
1 files changed, 26 insertions, 30 deletions
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index f9012cc9..71f7fefa 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -794,21 +794,6 @@ int ssl3_get_client_hello(SSL *s) * (may differ: see RFC 2246, Appendix E, second paragraph) */ s->client_version = client_version; - if (SSL_IS_DTLS(s) ? (s->client_version > s->version && - s->method->version != DTLS_ANY_VERSION) - : (s->client_version < s->version)) - { - OPENSSL_PUT_ERROR(SSL, ssl3_get_client_hello, SSL_R_WRONG_VERSION_NUMBER); - if ((s->client_version>>8) == SSL3_VERSION_MAJOR && - !s->s3->have_version) - { - /* similar to ssl3_get_record, send alert using remote version number */ - s->version = s->client_version; - } - al = SSL_AD_PROTOCOL_VERSION; - goto f_err; - } - /* Load the client random. */ memcpy(s->s3->client_random, CBS_data(&client_random), SSL3_RANDOM_SIZE); @@ -850,24 +835,35 @@ int ssl3_get_client_hello(SSL *s) * don't send HelloVerifyRequest. */ ret = -2; } + } - if (s->method->version == DTLS_ANY_VERSION) + if (!s->s3->have_version && s->method->version == DTLS_ANY_VERSION) + { + /* Select version to use */ + uint16_t version = ssl3_get_mutual_version(s, client_version); + if (version == 0) { - /* Select version to use */ - uint16_t version = ssl3_get_mutual_version(s, client_version); - if (version == 0) - { - OPENSSL_PUT_ERROR(SSL, ssl3_get_client_hello, SSL_R_WRONG_VERSION_NUMBER); - s->version = s->client_version; - al = SSL_AD_PROTOCOL_VERSION; - goto f_err; - } - s->version = version; - s->method = ssl3_get_method(version); - assert(s->method != NULL); - s->enc_method = ssl3_get_enc_method(version); - assert(s->enc_method != NULL); + OPENSSL_PUT_ERROR(SSL, ssl3_get_client_hello, SSL_R_WRONG_VERSION_NUMBER); + s->version = s->client_version; + al = SSL_AD_PROTOCOL_VERSION; + goto f_err; } + s->version = version; + s->enc_method = ssl3_get_enc_method(version); + assert(s->enc_method != NULL); + } + else if (SSL_IS_DTLS(s) ? (s->client_version > s->version) + : (s->client_version < s->version)) + { + OPENSSL_PUT_ERROR(SSL, ssl3_get_client_hello, SSL_R_WRONG_VERSION_NUMBER); + if ((s->client_version>>8) == SSL3_VERSION_MAJOR && + !s->s3->have_version) + { + /* similar to ssl3_get_record, send alert using remote version number */ + s->version = s->client_version; + } + al = SSL_AD_PROTOCOL_VERSION; + goto f_err; } /* At this point, the connection's version is known and s->version is |