Implement the V2ClientHello sniff in version-locked methods. Tested manually by replacing SSLv23_method() with TLSv1_2_method() in bssl_shim. This is a large chunk of code which is not run in SSLv23_method(), but it will be run after unification. It's split out separately to ease review. Change-Id: I6bd241daca17aa0f9b3e36e51864a29755a41097
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 1bc9604..e5d7a51 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -2444,6 +2444,8 @@
 #define SSL_F_SSL_SESSION_to_bytes_full 292
 #define SSL_F_SSL_accept 293
 #define SSL_F_SSL_connect 294
+#define SSL_F_ssl3_get_v2_client_hello 295
+#define SSL_F_ssl3_get_initial_bytes 296
 #define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 100
 #define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 101
 #define SSL_R_INVALID_NULL_CMD_NAME 102
diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h
index 7c30d9b..34c483e 100644
--- a/include/openssl/ssl3.h
+++ b/include/openssl/ssl3.h
@@ -369,6 +369,12 @@ * known. Otherwise the version has not been negotiated yet. */ char have_version; + /* sniff_buffer is used by the server in the initial handshake + * to read a V2ClientHello before the record layer is + * initialized. */ + BUF_MEM *sniff_buffer; + size_t sniff_buffer_len; + SSL3_BUFFER rbuf; /* read IO goes into here */ SSL3_BUFFER wbuf; /* write IO goes into here */ @@ -589,6 +595,8 @@ /* extra state */ #define SSL3_ST_SW_FLUSH (0x100|SSL_ST_ACCEPT) /* read from client */ +#define SSL3_ST_SR_INITIAL_BYTES (0x240|SSL_ST_ACCEPT) +#define SSL3_ST_SR_V2_CLIENT_HELLO (0x241|SSL_ST_ACCEPT) /* Do not change the number values, they do matter */ #define SSL3_ST_SR_CLNT_HELLO_A (0x110|SSL_ST_ACCEPT) #define SSL3_ST_SR_CLNT_HELLO_B (0x111|SSL_ST_ACCEPT) @@ -624,6 +632,7 @@ #define SSL3_ST_SR_CHANNEL_ID_B (0x231|SSL_ST_ACCEPT) #define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT) #define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT) + /* write to client */ #define SSL3_ST_SW_CHANGE_A (0x1D0|SSL_ST_ACCEPT) #define SSL3_ST_SW_CHANGE_B (0x1D1|SSL_ST_ACCEPT)
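Review bot: The new `sniff_buffer` / `sniff_buffer_len` fields in the first ssl3.h hunk document what the buffer is for but not its ownership, its lifetime, or the bound on how much client data it may accumulate, and since it holds bytes read from the peer before the record layer exists, those are the properties a reader of this struct needs. The comment should state who allocates and frees `sniff_buffer` and at which point in the handshake it is released, and that `sniff_buffer_len` is the number of bytes currently held rather than the allocated capacity, if that is the intended meaning — I cannot confirm either from this header alone. Suggested wording, to be adjusted to the actual implementation: `/* sniff_buffer holds the bytes the server has read from the client before the record layer is initialized, so that a V2ClientHello can be detected. sniff_buffer_len is the number of bytes currently in it; the buffer is bounded by the maximum ClientHello the server accepts and is freed once the initial handshake message has been consumed. */`. The enclosing struct begins and ends outside the hunk.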