aboutsummaryrefslogtreecommitdiffstats
path: root/crypto/openssl/ssl/s3_srvr.c
diff options
context:
space:
mode:
authorKris Kennaway <kris@FreeBSD.org>2000-11-26 11:38:51 +0000
committerKris Kennaway <kris@FreeBSD.org>2000-11-26 11:38:51 +0000
commit90de4ab78cb6f504178d33f6172d55450163d240 (patch)
treeb4414a60029a42ba8e92186b3e6e311a7306c143 /crypto/openssl/ssl/s3_srvr.c
parent30f57c4bdf5ff9efeee09c92d5e30a90ae8484a6 (diff)
downloadsrc-90de4ab78cb6f504178d33f6172d55450163d240.tar.gz
src-90de4ab78cb6f504178d33f6172d55450163d240.zip
MFC: OpenSSL 0.9.6
Notes
Notes: svn path=/stable/4/; revision=69205
Diffstat (limited to 'crypto/openssl/ssl/s3_srvr.c')
-rw-r--r--crypto/openssl/ssl/s3_srvr.c26
1 files changed, 20 insertions, 6 deletions
diff --git a/crypto/openssl/ssl/s3_srvr.c b/crypto/openssl/ssl/s3_srvr.c
index e23ca20bd310..bb8cfb31e55a 100644
--- a/crypto/openssl/ssl/s3_srvr.c
+++ b/crypto/openssl/ssl/s3_srvr.c
@@ -153,7 +153,10 @@ int ssl3_accept(SSL *s)
if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
if ((s->version>>8) != 3)
- abort();
+ {
+ SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_INTERNAL_ERROR);
+ return -1;
+ }
s->type=SSL_ST_ACCEPT;
if (s->init_buf == NULL)
@@ -982,7 +985,7 @@ static int ssl3_send_server_key_exchange(SSL *s)
dhp=cert->dh_tmp;
if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
dhp=s->cert->dh_tmp_cb(s,
- !SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
+ SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
if (dhp == NULL)
{
@@ -1326,11 +1329,22 @@ static int ssl3_get_client_key_exchange(SSL *s)
goto f_err;
}
- if ((p[0] != (s->client_version>>8)) || (p[1] != (s->client_version & 0xff)))
+ if (!((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff))))
{
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER);
- goto f_err;
+ /* The premaster secret must contain the same version number as the
+ * ClientHello to detect version rollback attacks (strangely, the
+ * protocol does not offer such protection for DH ciphersuites).
+ * However, buggy clients exist that send the negotiated protocol
+ * version instead if the server does not support the requested
+ * protocol version.
+ * If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such clients. */
+ if (!((s->options & SSL_OP_TLS_ROLLBACK_BUG) &&
+ (p[0] == (s->version>>8)) && (p[1] == (s->version & 0xff))))
+ {
+ al=SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER);
+ goto f_err;
+ }
}
s->session->master_key_length=