@ -32,7 +32,6 @@ void ClientHelloParser::Parse(const uint8_t* data, size_t avail) {
break ;
// Fall through
case kTLSHeader :
case kSSL2Header :
ParseHeader ( data , avail ) ;
break ;
case kPaused :
@ -59,20 +58,8 @@ bool ClientHelloParser::ParseRecordHeader(const uint8_t* data, size_t avail) {
state_ = kTLSHeader ;
body_offset_ = 5 ;
} else {
# ifdef OPENSSL_NO_SSL2
frame_len_ = ( ( data [ 0 ] < < 8 ) & kSSL2HeaderMask ) + data [ 1 ] ;
state_ = kSSL2Header ;
if ( data [ 0 ] & kSSL2TwoByteHeaderBit ) {
// header without padding
body_offset_ = 2 ;
} else {
// header with padding
body_offset_ = 3 ;
}
# else
End ( ) ;
return false ;
# endif // OPENSSL_NO_SSL2
}
// Sanity check (too big frame, or too small)
@ -85,12 +72,6 @@ bool ClientHelloParser::ParseRecordHeader(const uint8_t* data, size_t avail) {
return true ;
}
# ifdef OPENSSL_NO_SSL2
# define NODE_SSL2_VER_CHECK(buf) false
# else
# define NODE_SSL2_VER_CHECK(buf) ((buf)[0] == 0x00 && (buf)[1] == 0x02)
# endif // OPENSSL_NO_SSL2
void ClientHelloParser : : ParseHeader ( const uint8_t * data , size_t avail ) {
ClientHello hello ;
@ -99,24 +80,20 @@ void ClientHelloParser::ParseHeader(const uint8_t* data, size_t avail) {
if ( body_offset_ + frame_len_ > avail )
return ;
// Skip unsupported frames and gather some data from frame
// Check hello protocol version
if ( ! ( data [ body_offset_ + 4 ] = = 0x03 & & data [ body_offset_ + 5 ] < = 0x03 ) & &
! NODE_SSL2_VER_CHECK ( data + body_offset_ + 4 ) ) {
// Check hello protocol version. Protocol tuples that we know about:
//
// (3,0) SSL v3.0
// (3,1) TLS v1.0
// (3,2) TLS v1.1
// (3,3) TLS v1.2
//
if ( data [ body_offset_ + 4 ] ! = 0x03 | | data [ body_offset_ + 5 ] > 0x03 )
goto fail ;
}
if ( data [ body_offset_ ] = = kClientHello ) {
if ( state_ = = kTLSHeader ) {
if ( ! ParseTLSClientHello ( data , avail ) )
goto fail ;
} else if ( state_ = = kSSL2Header ) {
# ifdef OPENSSL_NO_SSL2
if ( ! ParseSSL2ClientHello ( data , avail ) )
goto fail ;
# else
abort ( ) ; // Unreachable
# endif // OPENSSL_NO_SSL2
} else {
// We couldn't get here, but whatever
goto fail ;
@ -145,9 +122,6 @@ void ClientHelloParser::ParseHeader(const uint8_t* data, size_t avail) {
}
# undef NODE_SSL2_VER_CHECK
void ClientHelloParser : : ParseExtension ( ClientHelloParser : : ExtensionType type ,
const uint8_t * data ,
size_t len ) {
@ -269,28 +243,4 @@ bool ClientHelloParser::ParseTLSClientHello(const uint8_t* data, size_t avail) {
return true ;
}
# ifdef OPENSSL_NO_SSL2
bool ClientHelloParser : : ParseSSL2ClientHello ( const uint8_t * data ,
size_t avail ) {
const uint8_t * body ;
// Skip header, version
size_t session_offset = body_offset_ + 3 ;
if ( session_offset + 4 < avail ) {
body = data + session_offset ;
uint16_t ciphers_size = ( body [ 0 ] < < 8 ) + body [ 1 ] ;
if ( body + 4 + ciphers_size < data + avail ) {
session_size_ = ( body [ 2 ] < < 8 ) + body [ 3 ] ;
session_id_ = body + 4 + ciphers_size ;
}
}
return true ;
}
# endif // OPENSSL_NO_SSL2
} // namespace node