
openssl/0.9.8g/ssl/s23_srvr.c

    1: /* ssl/s23_srvr.c */
    2: /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
    3:  * All rights reserved.
    4:  *
    5:  * This package is an SSL implementation written
    6:  * by Eric Young (eay@cryptsoft.com).
    7:  * The implementation was written so as to conform with Netscapes SSL.
    8:  * 
    9:  * This library is free for commercial and non-commercial use as long as
   10:  * the following conditions are aheared to.  The following conditions
   11:  * apply to all code found in this distribution, be it the RC4, RSA,
   12:  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
   13:  * included with this distribution is covered by the same copyright terms
   14:  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
   15:  * 
   16:  * Copyright remains Eric Young's, and as such any Copyright notices in
   17:  * the code are not to be removed.
   18:  * If this package is used in a product, Eric Young should be given attribution
   19:  * as the author of the parts of the library used.
   20:  * This can be in the form of a textual message at program startup or
   21:  * in documentation (online or textual) provided with the package.
   22:  * 
   23:  * Redistribution and use in source and binary forms, with or without
   24:  * modification, are permitted provided that the following conditions
   25:  * are met:
   26:  * 1. Redistributions of source code must retain the copyright
   27:  *    notice, this list of conditions and the following disclaimer.
   28:  * 2. Redistributions in binary form must reproduce the above copyright
   29:  *    notice, this list of conditions and the following disclaimer in the
   30:  *    documentation and/or other materials provided with the distribution.
   31:  * 3. All advertising materials mentioning features or use of this software
   32:  *    must display the following acknowledgement:
   33:  *    "This product includes cryptographic software written by
   34:  *     Eric Young (eay@cryptsoft.com)"
   35:  *    The word 'cryptographic' can be left out if the rouines from the library
   36:  *    being used are not cryptographic related :-).
   37:  * 4. If you include any Windows specific code (or a derivative thereof) from 
   38:  *    the apps directory (application code) you must include an acknowledgement:
   39:  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
   40:  * 
   41:  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
   42:  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   43:  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   44:  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
   45:  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   46:  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   47:  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   48:  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   49:  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   50:  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   51:  * SUCH DAMAGE.
   52:  * 
   53:  * The licence and distribution terms for any publically available version or
   54:  * derivative of this code cannot be changed.  i.e. this code cannot simply be
   55:  * copied and put under another distribution licence
   56:  * [including the GNU Public Licence.]
   57:  */
   58: /* ====================================================================
   59:  * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
   60:  *
   61:  * Redistribution and use in source and binary forms, with or without
   62:  * modification, are permitted provided that the following conditions
   63:  * are met:
   64:  *
   65:  * 1. Redistributions of source code must retain the above copyright
   66:  *    notice, this list of conditions and the following disclaimer. 
   67:  *
   68:  * 2. Redistributions in binary form must reproduce the above copyright
   69:  *    notice, this list of conditions and the following disclaimer in
   70:  *    the documentation and/or other materials provided with the
   71:  *    distribution.
   72:  *
   73:  * 3. All advertising materials mentioning features or use of this
   74:  *    software must display the following acknowledgment:
   75:  *    "This product includes software developed by the OpenSSL Project
   76:  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
   77:  *
   78:  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
   79:  *    endorse or promote products derived from this software without
   80:  *    prior written permission. For written permission, please contact
   81:  *    openssl-core@openssl.org.
   82:  *
   83:  * 5. Products derived from this software may not be called "OpenSSL"
   84:  *    nor may "OpenSSL" appear in their names without prior written
   85:  *    permission of the OpenSSL Project.
   86:  *
   87:  * 6. Redistributions of any form whatsoever must retain the following
   88:  *    acknowledgment:
   89:  *    "This product includes software developed by the OpenSSL Project
   90:  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
   91:  *
   92:  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
   93:  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   94:  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
   95:  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
   96:  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   97:  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
   98:  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
   99:  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  100:  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  101:  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  102:  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  103:  * OF THE POSSIBILITY OF SUCH DAMAGE.
  104:  * ====================================================================
  105:  *
  106:  * This product includes cryptographic software written by Eric Young
  107:  * (eay@cryptsoft.com).  This product includes software written by Tim
  108:  * Hudson (tjh@cryptsoft.com).
  109:  *
  110:  */
  111: 
  112: #include <stdio.h>
  113: #include "ssl_locl.h"
  114: #include <openssl/buffer.h>
  115: #include <openssl/rand.h>
  116: #include <openssl/objects.h>
  117: #include <openssl/evp.h>
  118: 
  /* Forward declarations for the helpers defined further down in this file. */
  static SSL_METHOD *ssl23_get_server_method(int ver);
  int ssl23_get_client_hello(SSL *s);

  /*
   * Map a protocol version constant to the matching fixed-version server
   * method table.
   *
   * ver: one of SSL2_VERSION, SSL3_VERSION or TLS1_VERSION.
   *
   * Returns the method for that version, or NULL for any other value.
   * When the library is built with OPENSSL_NO_SSL2 the SSLv2 case is
   * compiled out, so SSL2_VERSION also yields NULL.
   *
   * Review note: SSLv2 and SSLv3 are both retired protocols (RFC 6176,
   * RFC 7568).  Deployments still on this code base should build with
   * OPENSSL_NO_SSL2 and disable SSLv3 via the SSL_OP_NO_* options rather
   * than rely on the peer to ask for something newer.
   */
  static SSL_METHOD *ssl23_get_server_method(int ver)
          {
          switch (ver)
                  {
  #ifndef OPENSSL_NO_SSL2
          case SSL2_VERSION:
                  return SSLv2_server_method();
  #endif
          case SSL3_VERSION:
                  return SSLv3_server_method();
          case TLS1_VERSION:
                  return TLSv1_server_method();
          default:
                  return NULL;
                  }
          }
  134: 
  /*
   * Instantiate the public SSLv23_server_method() accessor.  The macro is
   * defined outside this listing (presumably in ssl_locl.h -- confirm);
   * the arguments name the accessor, the accept handler, the connect
   * handler and the per-version method lookup.  The connect slot is
   * ssl_undefined_function because this is a server-only method.
   */
  IMPLEMENT_ssl23_meth_func(SSLv23_server_method, ssl23_accept,
                          ssl_undefined_function, ssl23_get_server_method)
  139: 
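  /*
   * ssl23_accept - accept handler for the version-flexible (SSLv23) server
   * method.
   *
   * Runs a small state machine: the "before/accept" states allocate the
   * handshake buffer and start the handshake MAC, then the CLNT_HELLO states
   * hand over to ssl23_get_client_hello(), which inspects the first bytes
   * from the peer and selects the concrete protocol.
   *
   * s: the connection being accepted.
   *
   * Returns the value produced by ssl23_get_client_hello(), or -1 on an
   * allocation failure or an unknown state.  The info callback (per-SSL one
   * first, then the per-context one) is notified of handshake start, state
   * changes and, on failure, exit.
   *
   * Fix relative to the original listing: the BUF_MEM allocated for
   * s->init_buf is now freed when BUF_MEM_grow() fails.  Previously that
   * error path leaked the buffer, which a peer able to trigger repeated
   * accepts under memory pressure could turn into steady memory growth.
   */
  int ssl23_accept(SSL *s)
          {
          BUF_MEM *buf;
          unsigned long Time=(unsigned long)time(NULL);
          void (*cb)(const SSL *ssl,int type,int val)=NULL;
          int ret= -1;
          int new_state,state;

          /* The clock is mixed into the pool but credited with 0 entropy,
           * so it never counts towards the PRNG being considered seeded. */
          RAND_add(&Time,sizeof(Time),0);
          ERR_clear_error();
          clear_sys_error();

          /* A callback set on the SSL object overrides the context-wide one. */
          if (s->info_callback != NULL)
                  cb=s->info_callback;
          else if (s->ctx->info_callback != NULL)
                  cb=s->ctx->info_callback;

          s->in_handshake++;
          if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);

          for (;;)
                  {
                  /* remember the state on entry so a change can be reported */
                  state=s->state;

                  switch(s->state)
                          {
                  case SSL_ST_BEFORE:
                  case SSL_ST_ACCEPT:
                  case SSL_ST_BEFORE|SSL_ST_ACCEPT:
                  case SSL_ST_OK|SSL_ST_ACCEPT:

                          s->server=1;
                          if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);

                          /* s->version is deliberately left unset here; it is
                           * chosen once the client hello has been examined */
                          s->type=SSL_ST_ACCEPT;

                          if (s->init_buf == NULL)
                                  {
                                  if ((buf=BUF_MEM_new()) == NULL)
                                          {
                                          ret= -1;
                                          goto end;
                                          }
                                  if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
                                          {
                                          /* buf is not yet owned by s, so it
                                           * must be released here */
                                          BUF_MEM_free(buf);
                                          ret= -1;
                                          goto end;
                                          }
                                  s->init_buf=buf;
                                  }

                          ssl3_init_finished_mac(s);

                          s->state=SSL23_ST_SR_CLNT_HELLO_A;
                          s->ctx->stats.sess_accept++;
                          s->init_num=0;
                          break;

                  case SSL23_ST_SR_CLNT_HELLO_A:
                  case SSL23_ST_SR_CLNT_HELLO_B:

                          s->shutdown=0;
                          ret=ssl23_get_client_hello(s);
                          /* On a non-negative result the exit callback is
                           * suppressed; presumably the version-specific
                           * handshake function selected by
                           * ssl23_get_client_hello() reports its own exit --
                           * confirm against that function. */
                          if (ret >= 0) cb=NULL;
                          goto end;

                  default:
                          SSLerr(SSL_F_SSL23_ACCEPT,SSL_R_UNKNOWN_STATE);
                          ret= -1;
                          goto end;
                          }

                  /* Report the transition with s->state temporarily set back
                   * to the state that was just processed, then restore it. */
                  if ((cb != NULL) && (s->state != state))
                          {
                          new_state=s->state;
                          s->state=state;
                          cb(s,SSL_CB_ACCEPT_LOOP,1);
                          s->state=new_state;
                          }
                  }
  end:
          s->in_handshake--;
          if (cb != NULL)
                  cb(s,SSL_CB_ACCEPT_EXIT,ret);
          return(ret);
          }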
  229: 
  230: 
  231: int ssl23_get_client_hello(SSL *s)
  232:         {
  233:         char buf_space[11]; /* Request this many bytes in initial read.
  234:                              * We can detect SSL 3.0/TLS 1.0 Client Hellos
  235:                              * ('type == 3') correctly only when the following
  236:                              * is in a single record, which is not guaranteed by
  237:                              * the protocol specification:
  238:                              * Byte  Content
  239:                              *  0     type            \
  240:                              *  1/2   version          > record header
  241:                              *  3/4   length          /
  242:                              *  5     msg_type        \
  243:                              *  6-8   length           > Client Hello message
  244:                              *  9/10  client_version  /
  245:                              */
  246:         char *buf= &(buf_space[0]);
  247:         unsigned char *p,*d,*d_len,*dd;
  248:         unsigned int i;
  249:         unsigned int csl,sil,cl;
  250:         int n=0,j;
  251:         int type=0;
  252:         int v[2];
  253: 
  254:         if (s->state ==        SSL23_ST_SR_CLNT_HELLO_A)
  255:                 {
  256:                 /* read the initial header */
  257:                 v[0]=v[1]=0;
  258: 
  259:                 if (!ssl3_setup_buffers(s)) goto err;
  260: 
  261:                 n=ssl23_read_bytes(s, sizeof buf_space);
  262:                 if (n != sizeof buf_space) return(n); /* n == -1 || n == 0 */
  263: 
  264:                 p=s->packet;
  265: 
  266:                 memcpy(buf,p,n);
  267: 
  268:                 if ((p[0] & 0x80) && (p[2] == SSL2_MT_CLIENT_HELLO))
  269:                         {
  270:                         /*
  271:                          * SSLv2 header
  272:                          */
  273:                         if ((p[3] == 0x00) && (p[4] == 0x02))
  274:                                 {
  275:                                 v[0]=p[3]; v[1]=p[4];
  276:                                 /* SSLv2 */
  277:                                 if (!(s->options & SSL_OP_NO_SSLv2))
  278:                                         type=1;
  279:                                 }
  280:                         else if (p[3] == SSL3_VERSION_MAJOR)
  281:                                 {
  282:                                 v[0]=p[3]; v[1]=p[4];
  283:                                 /* SSLv3/TLSv1 */
  284:                                 if (p[4] >= TLS1_VERSION_MINOR)
  285:                                         {
  286:                                         if (!(s->options & SSL_OP_NO_TLSv1))
  287:                                                 {
  288:                                                 s->version=TLS1_VERSION;
  289:                                                 /* type=2; */ /* done later to survive restarts */
  290:                                                 s->state=SSL23_ST_SR_CLNT_HELLO_B;
  291:                                                 }
  292:                                         else if (!(s->options & SSL_OP_NO_SSLv3))
  293:                                                 {
  294:                                                 s->version=SSL3_VERSION;
  295:                                                 /* type=2; */
  296:                                                 s->state=SSL23_ST_SR_CLNT_HELLO_B;
  297:                                                 }
  298:                                         else if (!(s->options & SSL_OP_NO_SSLv2))
  299:                                                 {
  300:                                                 type=1;
  301:                                                 }
  302:                                         }
  303:                                 else if (!(s->options & SSL_OP_NO_SSLv3))
  304:                                         {
  305:                                         s->version=SSL3_VERSION;
  306:                                         /* type=2; */
  307:                                         s->state=SSL23_ST_SR_CLNT_HELLO_B;
  308:                                         }
  309:                                 else if (!(s->options & SSL_OP_NO_SSLv2))
  310:                                         type=1;
  311: 
  312:                                 }
  313:                         }
  314:                 else if ((p[0] == SSL3_RT_HANDSHAKE) &&
  315:                          (p[1] == SSL3_VERSION_MAJOR) &&
  316:                          (p[5] == SSL3_MT_CLIENT_HELLO) &&
  317:                          ((p[3] == 0 && p[4] < 5 /* silly record length? */)
  318:                                 || (p[9] == p[1])))
  319:                         {
  320:                         /*
  321:                          * SSLv3 or tls1 header
  322:                          */
  323:                         
  324:                         v[0]=p[1]; /* major version (= SSL3_VERSION_MAJOR) */
  325:                         /* We must look at client_version inside the Client Hello message
  326:                          * to get the correct minor version.
  327:                          * However if we have only a pathologically small fragment of the
  328:                          * Client Hello message, this would be difficult, and we'd have
  329:                          * to read more records to find out.
  330:                          * No known SSL 3.0 client fragments ClientHello like this,
  331:                          * so we simply assume TLS 1.0 to avoid protocol version downgrade
  332:                          * attacks. */
  333:                         if (p[3] == 0 && p[4] < 6)
  334:                                 {
  335: #if 0
  336:                                 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_SMALL);
  337:                                 goto err;
  338: #else
  339:                                 v[1] = TLS1_VERSION_MINOR;
  340: #endif
  341:                                 }
  342:                         else
  343:                                 v[1]=p[10]; /* minor version according to client_version */
  344:                         if (v[1] >= TLS1_VERSION_MINOR)
  345:                                 {
  346:                                 if (!(s->options & SSL_OP_NO_TLSv1))
  347:                                         {
  348:                                         s->version=TLS1_VERSION;
  349:                                         type=3;
  350:                                         }
  351:                                 else if (!(s->options & SSL_OP_NO_SSLv3))
  352:                                         {
  353:                                         s->version=SSL3_VERSION;
  354:                                         type=3;
  355:                                         }
  356:                                 }
  357:                         else
  358:                                 {
  359:                                 /* client requests SSL 3.0 */
  360:                                 if (!(s->options & SSL_OP_NO_SSLv3))
  361:                                         {
  362:                                         s->version=SSL3_VERSION;
  363:                                         type=3;
  364:                                         }
  365:                                 else if (!(s->options & SSL_OP_NO_TLSv1))
  366:                                         {
  367:                                         /* we won't be able to use TLS of course,
  368:                                          * but this will send an appropriate alert */
  369:                                         s->version=TLS1_VERSION;
  370:                                         type=3;
  371:                                         }
  372:                                 }
  373:                         }
  374:                 else if ((strncmp("GET ", (char *)p,4) == 0) ||
  375:                          (strncmp("POST ",(char *)p,5) == 0) ||
  376:                          (strncmp("HEAD ",(char *)p,5) == 0) ||
  377:                          (strncmp("PUT ", (char *)p,4) == 0))
  378:                         {
  379:                         SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTP_REQUEST);
  380:                         goto err;
  381:                         }
  382:                 else if (strncmp("CONNECT",(char *)p,7) == 0)
  383:                         {
  384:                         SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTPS_PROXY_REQUEST);
  385:                         goto err;
  386:                         }
  387:                 }
  388: 
  389:         if (s->state == SSL23_ST_SR_CLNT_HELLO_B)
  390:                 {
  391:                 /* we have SSLv3/TLSv1 in an SSLv2 header
  392:                  * (other cases skip this state) */
  393: 
  394:                 type=2;
  395:                 p=s->packet;
  396:                 v[0] = p[3]; /* == SSL3_VERSION_MAJOR */
  397:                 v[1] = p[4];
  398: 
  399:                 n=((p[0]&0x7f)<<8)|p[1];
  400:                 if (n > (1024*4))
  401:                         {
  402:                         SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_LARGE);
  403:                         goto err;
  404:                         }
  405: 
  406:                 j=ssl23_read_bytes(s,n+2);
  407:                 if (j <= 0) return(j);
  408: 
  409:                 ssl3_finish_mac(s, s->packet+2, s->packet_length-2);
  410:                 if (s->msg_callback)
  411:                         s->msg_callback(0, SSL2_VERSION, 0, s->packet+2, s->packet_length-2, s, s->msg_callback_arg); /* CLIENT-HELLO */
  412: 
  413:                 p=s->packet;
  414:                 p+=5;
  415:                 n2s(p,csl);
  416:                 n2s(p,sil);
  417:                 n2s(p,cl);
  418:                 d=(unsigned char *)s->init_buf->data;
  419:                 if ((csl+sil+cl+11) != s->packet_length)
  420:                         {
  421:                         SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_LENGTH_MISMATCH);
  422:                         goto err;
  423:                         }
  424: 
  425:                 /* record header: msg_type ... */
  426:                 *(d++) = SSL3_MT_CLIENT_HELLO;
  427:                 /* ... and length (actual value will be written later) */
  428:                 d_len = d;
  429:                 d += 3;
  430: 
  431:                 /* client_version */
  432:                 *(d++) = SSL3_VERSION_MAJOR; /* == v[0] */
  433:                 *(d++) = v[1];
  434: 
  435:                 /* lets populate the random area */
  436:                 /* get the challenge_length */
  437:                 i=(cl > SSL3_RANDOM_SIZE)?SSL3_RANDOM_SIZE:cl;
  438:                 memset(d,0,SSL3_RANDOM_SIZE);
  439:                 memcpy(&(d[SSL3_RANDOM_SIZE-i]),&(p[csl+sil]),i);
  440:                 d+=SSL3_RANDOM_SIZE;
  441: 
  442:                 /* no session-id reuse */
  443:                 *(d++)=0;
  444: 
  445:                 /* ciphers */
  446:                 j=0;
  447:                 dd=d;
  448:                 d+=2;
  449:                 for (i=0; i<csl; i+=3)
  450:                         {
  451:                         if (p[i] != 0) continue;
  452:                         *(d++)=p[i+1];
  453:                         *(d++)=p[i+2];
  454:                         j+=2;
  455:                         }
  456:                 s2n(j,dd);
  457: 
  458:                 /* COMPRESSION */
  459:                 *(d++)=1;
  460:                 *(d++)=0;
  461:                 
  462:                 i = (d-(unsigned char *)s->init_buf->data) - 4;
  463:                 l2n3((long)i, d_len);
  464: 
  465:                 /* get the data reused from the init_buf */
  466:                 s->s3->tmp.reuse_message=1;
  467:                 s->s3->tmp.message_type=SSL3_MT_CLIENT_HELLO;
  468:                 s->s3->tmp.message_size=i;
  469:                 }
  470: 
  471:         /* imaginary new state (for program structure): */
  472:         /* s->state = SSL23_SR_CLNT_HELLO_C */
  473: 
  474:         if (type == 1)
  475:                 {
  476: #ifdef OPENSSL_NO_SSL2
  477:                 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
  478:                 goto err;
  479: #else
  480:                 /* we are talking sslv2 */
  481:                 /* we need to clean up the SSLv3/TLSv1 setup and put in the
  482:                  * sslv2 stuff. */
  483: 
  484:                 if (s->s2 == NULL)
  485:                         {
  486:                         if (!ssl2_new(s))
  487:                                 goto err;
  488:                         }
  489:                 else
  490:                         ssl2_clear(s);
  491: 
  492:                 if (s->s3 != NULL) ssl3_free(s);
  493: 
  494:                 if (!BUF_MEM_grow_clean(s->init_buf,
  495:                         SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
  496:                         {
  497:                         goto err;
  498:                         }
  499: 
  500:                 s->state=SSL2_ST_GET_CLIENT_HELLO_A;
  501:                 if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)
  502:                         s->s2->ssl2_rollback=0;
  503:                 else
  504:                         /* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0
  505:                          * (SSL 3.0 draft/RFC 2246, App. E.2) */
  506:                         s->s2->ssl2_rollback=1;
  507: 
  508:                 /* setup the n bytes we have read so we get them from
  509:                  * the sslv2 buffer */
  510:                 s->rstate=SSL_ST_READ_HEADER;
  511:                 s->packet_length=n;
  512:                 s->packet= &(s->s2->rbuf[0]);
  513:                 memcpy(s->packet,buf,n);
  514:                 s->s2->rbuf_left=n;
  515:                 s->s2->rbuf_offs=0;
  516: 
  517:                 s->method=SSLv2_server_method();
  518:                 s->handshake_func=s->method->ssl_accept;
  519: #endif
  520:                 }
  521: 
  522:         if ((type == 2) || (type == 3))
  523:                 {
  524:                 /* we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style) */
  525: 
  526:                 if (!ssl_init_wbio_buffer(s,1)) goto err;
  527: 
  528:                 /* we are in this state */
  529:                 s->state=SSL3_ST_SR_CLNT_HELLO_A;
  530: 
  531:                 if (type == 3)
  532:                         {
  533:                         /* put the 'n' bytes we have read into the input buffer
  534:                          * for SSLv3 */
  535:                         s->rstate=SSL_ST_READ_HEADER;
  536:                         s->packet_length=n;
  537:                         s->packet= &(s->s3->rbuf.buf[0]);
  538:                         memcpy(s->packet,buf,n);
  539:                         s->s3->rbuf.left=n;
  540:                         s->s3->rbuf.offset=0;
  541:                         }
  542:                 else
  543:                         {
  544:                         s->packet_length=0;
  545:                         s->s3->rbuf.left=0;
  546:                         s->s3->rbuf.offset=0;
  547:                         }
  548: 
  549:                 if (s->version == TLS1_VERSION)
  550:                         s->method = TLSv1_server_method();
  551:                 else
  552:                         s->method = SSLv3_server_method();
  553: #if 0 /* ssl3_get_client_hello does this */
  554:                 s->client_version=(v[0]<<