commit 59c28a2723a8d15e0e48cb841c4022fabc64039e
author Paul Bakker <p.j.bakker@polarssl.org> Sat Jun 29 15:33:42 2013 +0200
committer Paul Bakker <p.j.bakker@polarssl.org> Sat Jun 29 18:35:40 2013 +0200
tree 6c85ecf49a28e5a2bce32827aa735b08e44b08b1
parent f8d018a2747661d9b1d5533b9925e8fb745397c9

SSL v2 handshake should also handle dynamic ciphersuites

library/ssl_srv.c

diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 61a155c..f053ba2 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -272,6 +272,7 @@
     unsigned int ciph_len, sess_len, chal_len;
     unsigned char *buf, *p;
     const int *ciphersuites;
+    const ssl_ciphersuite_t *ciphersuite_info;
 
     SSL_DEBUG_MSG( 2, ( "=> parse client hello v2" ) );
 
@@ -439,11 +440,22 @@
         {
             // Only allow non-ECC ciphersuites as we do not have extensions
             //
-            if( p[0] == 0 &&
-                p[1] == 0 &&
+            if( p[0] == 0 && p[1] == 0 &&
                 ( ( ciphersuites[i] >> 8 ) & 0xFF ) == 0 &&
                 p[2] == ( ciphersuites[i] & 0xFF ) )
+            {
+                ciphersuite_info = ssl_ciphersuite_from_id( ciphersuites[i] );
+
+                if( ciphersuite_info == NULL )
+                {
+                    SSL_DEBUG_MSG( 1, ( "ciphersuite info for %02x not found",
+                                   ciphersuites[i] ) );
+                    return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
+                }
+
+
                 goto have_ciphersuite_v2;
+            }
         }
     }
 
@@ -453,6 +465,7 @@
 
 have_ciphersuite_v2:
     ssl->session_negotiate->ciphersuite = ciphersuites[i];
+    ssl->transform_negotiate->ciphersuite_info = ciphersuite_info;
     ssl_optimize_checksum( ssl, ssl->transform_negotiate->ciphersuite_info );
 
     /*