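--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/os/ossrv/ssl/libssl/src/s23_srvr.c Fri Jun 15 03:10:57 2012 +0200
@@ -0,0 +1,587 @@
+/* ssl/s23_srvr.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/*
+ © Portions copyright (c) 2006 Nokia Corporation. All rights reserved.
+ */
+
+#include <stdio.h>
+#include "ssl_locl.h"
+#include <openssl/buffer.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+
+#if (defined(SYMBIAN) && (defined(__WINSCW__) || defined(__WINS__)))
+#include "libssl_wsd.h"
+#endif
+
+#ifdef EMULATOR
+
+ GET_STATIC_VAR_FROM_TLS(SSLv23_server_method_data,s23_srvr,SSL_METHOD)
+
+ #define SSLv23_server_method_data (*GET_WSD_VAR_NAME(SSLv23_server_method_data,s23_srvr,s)())
+
+#endif
+
+static SSL_METHOD *ssl23_get_server_method(int ver);
+int ssl23_get_client_hello(SSL *s);
+static SSL_METHOD *ssl23_get_server_method(int ver)
+ {
+#ifndef OPENSSL_NO_SSL2
+ if (ver == SSL2_VERSION)
+ return(SSLv2_server_method());
+#endif
+ if (ver == SSL3_VERSION)
+ return(SSLv3_server_method());
+ else if (ver == TLS1_VERSION)
+ return(TLSv1_server_method());
+ else
+ return(NULL);
+ }
+
+EXPORT_C IMPLEMENT_ssl23_meth_func(SSLv23_server_method,
+ ssl23_accept,
+ ssl_undefined_function,
+ ssl23_get_server_method)
+
+int ssl23_accept(SSL *s)
+ {
+ BUF_MEM *buf;
+ unsigned long Time=(unsigned long)time(NULL);
+ void (*cb)(const SSL *ssl,int type,int val)=NULL;
+ int ret= -1;
+ int new_state,state;
+
+ RAND_add(&Time,sizeof(Time),0);
+ ERR_clear_error();
+ clear_sys_error();
+
+ if (s->info_callback != NULL)
+ cb=s->info_callback;
+ else if (s->ctx->info_callback != NULL)
+ cb=s->ctx->info_callback;
+
+ s->in_handshake++;
+ if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
+
+ for (;;)
+ {
+ state=s->state;
+
+ switch(s->state)
+ {
+ case SSL_ST_BEFORE:
+ case SSL_ST_ACCEPT:
+ case SSL_ST_BEFORE|SSL_ST_ACCEPT:
+ case SSL_ST_OK|SSL_ST_ACCEPT:
+
+ s->server=1;
+ if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
+
+ /* s->version=SSL3_VERSION; */
+ s->type=SSL_ST_ACCEPT;
+
+ if (s->init_buf == NULL)
+ {
+ if ((buf=BUF_MEM_new()) == NULL)
+ {
+ ret= -1;
+ goto end;
+ }
+ if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
+ {
+ ret= -1;
+ goto end;
+ }
+ s->init_buf=buf;
+ }
+
+ ssl3_init_finished_mac(s);
+
+ s->state=SSL23_ST_SR_CLNT_HELLO_A;
+ s->ctx->stats.sess_accept++;
+ s->init_num=0;
+ break;
+
+ case SSL23_ST_SR_CLNT_HELLO_A:
+ case SSL23_ST_SR_CLNT_HELLO_B:
+
+ s->shutdown=0;
+ ret=ssl23_get_client_hello(s);
+ if (ret >= 0) cb=NULL;
+ goto end;
+ /* break; */
+
+ default:
+ SSLerr(SSL_F_SSL23_ACCEPT,SSL_R_UNKNOWN_STATE);
+ ret= -1;
+ goto end;
+ /* break; */
+ }
+
+ if ((cb != NULL) && (s->state != state))
+ {
+ new_state=s->state;
+ s->state=state;
+ cb(s,SSL_CB_ACCEPT_LOOP,1);
+ s->state=new_state;
+ }
+ }
+end:
+ s->in_handshake--;
+ if (cb != NULL)
+ cb(s,SSL_CB_ACCEPT_EXIT,ret);
+ return(ret);
+ }
+
+
+int ssl23_get_client_hello(SSL *s)
+ {
+ char buf_space[11]; /* Request this many bytes in initial read.
+ * We can detect SSL 3.0/TLS 1.0 Client Hellos
+ * ('type == 3') correctly only when the following
+ * is in a single record, which is not guaranteed by
+ * the protocol specification:
+ * Byte Content
+ * 0 type \
+ * 1/2 version > record header
+ * 3/4 length /
+ * 5 msg_type \
+ * 6-8 length > Client Hello message
+ * 9/10 client_version /
+ */
+ char *buf= &(buf_space[0]);
+ unsigned char *p,*d,*d_len,*dd;
+ unsigned int i;
+ unsigned int csl,sil,cl;
+ int n=0,j;
+ int type=0;
+ int v[2];
+
+ if (s->state == SSL23_ST_SR_CLNT_HELLO_A)
+ {
+ /* read the initial header */
+ v[0]=v[1]=0;
+
+ if (!ssl3_setup_buffers(s)) goto err;
+
+ n=ssl23_read_bytes(s, sizeof buf_space);
+ if (n != sizeof buf_space) return(n); /* n == -1 || n == 0 */
+
+ p=s->packet;
+
+ memcpy(buf,p,n);
+
+ if ((p[0] & 0x80) && (p[2] == SSL2_MT_CLIENT_HELLO))
+ {
+ /*
+ * SSLv2 header
+ */
+ if ((p[3] == 0x00) && (p[4] == 0x02))
+ {
+ v[0]=p[3]; v[1]=p[4];
+ /* SSLv2 */
+ if (!(s->options & SSL_OP_NO_SSLv2))
+ type=1;
+ }
+ else if (p[3] == SSL3_VERSION_MAJOR)
+ {
+ v[0]=p[3]; v[1]=p[4];
+ /* SSLv3/TLSv1 */
+ if (p[4] >= TLS1_VERSION_MINOR)
+ {
+ if (!(s->options & SSL_OP_NO_TLSv1))
+ {
+ s->version=TLS1_VERSION;
+ /* type=2; */ /* done later to survive restarts */
+ s->state=SSL23_ST_SR_CLNT_HELLO_B;
+ }
+ else if (!(s->options & SSL_OP_NO_SSLv3))
+ {
+ s->version=SSL3_VERSION;
+ /* type=2; */
+ s->state=SSL23_ST_SR_CLNT_HELLO_B;
+ }
+ else if (!(s->options & SSL_OP_NO_SSLv2))
+ {
+ type=1;
+ }
+ }
+ else if (!(s->options & SSL_OP_NO_SSLv3))
+ {
+ s->version=SSL3_VERSION;
+ /* type=2; */
+ s->state=SSL23_ST_SR_CLNT_HELLO_B;
+ }
+ else if (!(s->options & SSL_OP_NO_SSLv2))
+ type=1;
+
+ }
+ }
+ else if ((p[0] == SSL3_RT_HANDSHAKE) &&
+ (p[1] == SSL3_VERSION_MAJOR) &&
+ (p[5] == SSL3_MT_CLIENT_HELLO) &&
+ ((p[3] == 0 && p[4] < 5 /* silly record length? */)
+ || (p[9] == p[1])))
+ {
+ /*
+ * SSLv3 or tls1 header
+ */
+
+ v[0]=p[1]; /* major version (= SSL3_VERSION_MAJOR) */
+ /* We must look at client_version inside the Client Hello message
+ * to get the correct minor version.
+ * However if we have only a pathologically small fragment of the
+ * Client Hello message, this would be difficult, and we'd have
+ * to read more records to find out.
+ * No known SSL 3.0 client fragments ClientHello like this,
+ * so we simply assume TLS 1.0 to avoid protocol version downgrade
+ * attacks. */
+ if (p[3] == 0 && p[4] < 6)
+ {
+#if 0
+ SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_SMALL);
+ goto err;
+#else
+ v[1] = TLS1_VERSION_MINOR;
+#endif
+ }
+ else
+ v[1]=p[10]; /* minor version according to client_version */
+ if (v[1] >= TLS1_VERSION_MINOR)
+ {
+ if (!(s->options & SSL_OP_NO_TLSv1))
+ {
+ s->version=TLS1_VERSION;
+ type=3;
+ }
+ else if (!(s->options & SSL_OP_NO_SSLv3))
+ {
+ s->version=SSL3_VERSION;
+ type=3;
+ }
+ }
+ else
+ {
+ /* client requests SSL 3.0 */
+ if (!(s->options & SSL_OP_NO_SSLv3))
+ {
+ s->version=SSL3_VERSION;
+ type=3;
+ }
+ else if (!(s->options & SSL_OP_NO_TLSv1))
+ {
+ /* we won't be able to use TLS of course,
+ * but this will send an appropriate alert */
+ s->version=TLS1_VERSION;
+ type=3;
+ }
+ }
+ }
+ else if ((strncmp("GET ", (char *)p,4) == 0) ||
+ (strncmp("POST ",(char *)p,5) == 0) ||
+ (strncmp("HEAD ",(char *)p,5) == 0) ||
+ (strncmp("PUT ", (char *)p,4) == 0))
+ {
+ SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTP_REQUEST);
+ goto err;
+ }
+ else if (strncmp("CONNECT",(char *)p,7) == 0)
+ {
+ SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTPS_PROXY_REQUEST);
+ goto err;
+ }
+ }
+
+ if (s->state == SSL23_ST_SR_CLNT_HELLO_B)
+ {
+ /* we have SSLv3/TLSv1 in an SSLv2 header
+ * (other cases skip this state) */
+
+ type=2;
+ p=s->packet;
+ v[0] = p[3]; /* == SSL3_VERSION_MAJOR */
+ v[1] = p[4];
+
+ n=((p[0]&0x7f)<<8)|p[1];
+ if (n > (1024*4))
+ {
+ SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_LARGE);
+ goto err;
+ }
+
+ j=ssl23_read_bytes(s,n+2);
+ if (j <= 0) return(j);
+
+ ssl3_finish_mac(s, s->packet+2, s->packet_length-2);
+ if (s->msg_callback)
+ s->msg_callback(0, SSL2_VERSION, 0, s->packet+2, s->packet_length-2, s, s->msg_callback_arg); /* CLIENT-HELLO */
+
+ p=s->packet;
+ p+=5;
+ n2s(p,csl);
+ n2s(p,sil);
+ n2s(p,cl);
+ d=(unsigned char *)s->init_buf->data;
+ if ((csl+sil+cl+11) != s->packet_length)
+ {
+ SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_LENGTH_MISMATCH);
+ goto err;
+ }
+
+ /* record header: msg_type ... */
+ *(d++) = SSL3_MT_CLIENT_HELLO;
+ /* ... and length (actual value will be written later) */
+ d_len = d;
+ d += 3;
+
+ /* client_version */
+ *(d++) = SSL3_VERSION_MAJOR; /* == v[0] */
+ *(d++) = v[1];
+
+ /* lets populate the random area */
+ /* get the challenge_length */
+ i=(cl > SSL3_RANDOM_SIZE)?SSL3_RANDOM_SIZE:cl;
+ memset(d,0,SSL3_RANDOM_SIZE);
+ memcpy(&(d[SSL3_RANDOM_SIZE-i]),&(p[csl+sil]),i);
+ d+=SSL3_RANDOM_SIZE;
+
+ /* no session-id reuse */
+ *(d++)=0;
+
+ /* ciphers */
+ j=0;
+ dd=d;
+ d+=2;
+ for (i=0; i<csl; i+=3)
+ {
+ if (p[i] != 0) continue;
+ *(d++)=p[i+1];
+ *(d++)=p[i+2];
+ j+=2;
+ }
+ s2n(j,dd);
+
+ /* COMPRESSION */
+ *(d++)=1;
+ *(d++)=0;
+
+ i = (d-(unsigned char *)s->init_buf->data) - 4;
+ l2n3((long)i, d_len);
+
+ /* get the data reused from the init_buf */
+ s->s3->tmp.reuse_message=1;
+ s->s3->tmp.message_type=SSL3_MT_CLIENT_HELLO;
+ s->s3->tmp.message_size=i;
+ }
+
+ /* imaginary new state (for program structure): */
+ /* s->state = SSL23_SR_CLNT_HELLO_C */
+
+ if (type == 1)
+ {
+#ifdef OPENSSL_NO_SSL2
+ SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
+ goto err;
+#else
+ /* we are talking sslv2 */
+ /* we need to clean up the SSLv3/TLSv1 setup and put in the
+ * sslv2 stuff. */
+
+ if (s->s2 == NULL)
+ {
+ if (!ssl2_new(s))
+ goto err;
+ }
+ else
+ ssl2_clear(s);
+
+ if (s->s3 != NULL) ssl3_free(s);
+
+ if (!BUF_MEM_grow_clean(s->init_buf,
+ SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
+ {
+ goto err;
+ }
+
+ s->state=SSL2_ST_GET_CLIENT_HELLO_A;
+ if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)
+ s->s2->ssl2_rollback=0;
+ else
+ /* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0
+ * (SSL 3.0 draft/RFC 2246, App. E.2) */
+ s->s2->ssl2_rollback=1;
+
+ /* setup the n bytes we have read so we get them from
+ * the sslv2 buffer */
+ s->rstate=SSL_ST_READ_HEADER;
+ s->packet_length=n;
+ s->packet= &(s->s2->rbuf[0]);
+ memcpy(s->packet,buf,n);
+ s->s2->rbuf_left=n;
+ s->s2->rbuf_offs=0;
+
+ s->method=SSLv2_server_method();
+ s->handshake_func=s->method->ssl_accept;
+#endif
+ }
+
+ if ((type == 2) || (type == 3))
+ {
+ /* we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style) */
+
+ if (!ssl_init_wbio_buffer(s,1)) goto err;
+
+ /* we are in this state */
+ s->state=SSL3_ST_SR_CLNT_HELLO_A;
+
+ if (type == 3)
+ {
+ /* put the 'n' bytes we have read into the input buffer
+ * for SSLv3 */
+ s->rstate=SSL_ST_READ_HEADER;
+ s->packet_length=n;
+ s->packet= &(s->s3->rbuf.buf[0]);
+ memcpy(s->packet,buf,n);
+ s->s3->rbuf.left=n;
+ s->s3->rbuf.offset=0;
+ }
+ else
+ {
+ s->packet_length=0;
+ s->s3->rbuf.left=0;
+ s->s3->rbuf.offset=0;
+ }
+
+ if (s->version == TLS1_VERSION)
+ s->method = TLSv1_server_method();
+ else
+ s->method = SSLv3_server_method();
+#if 0 /* ssl3_get_client_hello does this */
+ s->client_version=(v[0]<<8)|v[1];
+#endif
+ s->handshake_func=s->method->ssl_accept;
+ }
+
+ if ((type < 1) || (type > 3))
+ {
+ /* bad, very bad */
+ SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNKNOWN_PROTOCOL);
+ goto err;
+ }
+ s->init_num=0;
+
+ if (buf != buf_space) OPENSSL_free(buf);
+ return(SSL_accept(s));
+err:
+ if (buf != buf_space) OPENSSL_free(buf);
+ return(-1);
+ }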
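Review bot: In the `SSL23_ST_SR_CLNT_HELLO_B` branch of `ssl23_get_client_hello`, the lengths taken from the peer's SSLv2-format ClientHello are only partly validated before they drive parsing. `n` gets an upper bound (`n > (1024*4)`) but no lower bound, although `csl`, `sil` and `cl` are then read from bytes 5–10, which lie inside the declared record only when `n >= 9`. The cipher loop `for (i=0; i<csl; i+=3)` also reads `p[i+1]` and `p[i+2]` without checking that `csl` is a multiple of 3, so its last iteration can read up to two bytes past the cipher list (into the session-id/challenge bytes, or past the record when those are empty). These bytes come from an unauthenticated peer, so I would reject both cases up front: add `if (n < 9)` next to the existing size check and `if (csl % 3 != 0)` before the loop, each raising `SSL_R_RECORD_LENGTH_MISMATCH` and taking `goto err;`. Separately, `buf` is never reassigned away from `buf_space`, so the two `if (buf != buf_space) OPENSSL_free(buf);` lines appear to be dead code and could be dropped or commented as such.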