aboutsummaryrefslogtreecommitdiffstats
path: root/crypto/openssl/ssl/s3_srvr.c
diff options
context:
space:
mode:
authorSimon L. B. Nielsen <simon@FreeBSD.org>2007-03-15 20:03:30 +0000
committerSimon L. B. Nielsen <simon@FreeBSD.org>2007-03-15 20:03:30 +0000
commit5471f83ea72e251ea1f0d04428878a74347efa0f (patch)
treee7ef8661c43c3081071230f45d641b5d8a756e55 /crypto/openssl/ssl/s3_srvr.c
parent4d227dd736e57cf75f2278d8117f44dcb3defa61 (diff)
downloadsrc-5471f83ea72e251ea1f0d04428878a74347efa0f.tar.gz
src-5471f83ea72e251ea1f0d04428878a74347efa0f.zip
Vendor import of OpenSSL 0.9.8e.
Notes
Notes: svn path=/vendor-crypto/openssl/dist/; revision=167612
Diffstat (limited to 'crypto/openssl/ssl/s3_srvr.c')
-rw-r--r--crypto/openssl/ssl/s3_srvr.c29
1 files changed, 25 insertions, 4 deletions
diff --git a/crypto/openssl/ssl/s3_srvr.c b/crypto/openssl/ssl/s3_srvr.c
index 098eea13ce77..9414cf09fb64 100644
--- a/crypto/openssl/ssl/s3_srvr.c
+++ b/crypto/openssl/ssl/s3_srvr.c
@@ -300,8 +300,9 @@ int ssl3_accept(SSL *s)
case SSL3_ST_SW_CERT_A:
case SSL3_ST_SW_CERT_B:
- /* Check if it is anon DH or anon ECDH */
- if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))
+ /* Check if it is anon DH or anon ECDH or KRB5 */
+ if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL)
+ && !(s->s3->tmp.new_cipher->algorithms & SSL_aKRB5))
{
ret=ssl3_send_server_certificate(s);
if (ret <= 0) goto end;
@@ -679,9 +680,9 @@ int ssl3_get_client_hello(SSL *s)
*/
if (s->state == SSL3_ST_SR_CLNT_HELLO_A)
{
- s->first_packet=1;
s->state=SSL3_ST_SR_CLNT_HELLO_B;
}
+ s->first_packet=1;
n=s->method->ssl_get_message(s,
SSL3_ST_SR_CLNT_HELLO_B,
SSL3_ST_SR_CLNT_HELLO_C,
@@ -690,6 +691,7 @@ int ssl3_get_client_hello(SSL *s)
&ok);
if (!ok) return((int)n);
+ s->first_packet=0;
d=p=(unsigned char *)s->init_msg;
/* use version from inside client hello, not from record header
@@ -1995,6 +1997,25 @@ int ssl3_get_client_key_exchange(SSL *s)
SSL_R_DATA_LENGTH_TOO_LONG);
goto err;
}
+ if (!((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff))))
+ {
+ /* The premaster secret must contain the same version number as the
+ * ClientHello to detect version rollback attacks (strangely, the
+ * protocol does not offer such protection for DH ciphersuites).
+ * However, buggy clients exist that send random bytes instead of
+ * the protocol version.
+ * If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such clients.
+ * (Perhaps we should have a separate BUG value for the Kerberos cipher)
+ */
+ if (!((s->options & SSL_OP_TLS_ROLLBACK_BUG) &&
+ (p[0] == (s->version>>8)) && (p[1] == (s->version & 0xff))))
+ {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_AD_DECODE_ERROR);
+ goto err;
+ }
+ }
+
EVP_CIPHER_CTX_cleanup(&ciph_ctx);
s->session->master_key_length=
@@ -2042,7 +2063,7 @@ int ssl3_get_client_key_exchange(SSL *s)
if (l & SSL_kECDH)
{
/* use the certificate */
- tkey = s->cert->key->privatekey->pkey.ec;
+ tkey = s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec;
}
else
{