author | Kris Kennaway <kris@FreeBSD.org> | 2000-11-13 01:03:58 +0000 |
---|---|---|
committer | Kris Kennaway <kris@FreeBSD.org> | 2000-11-13 01:03:58 +0000 |
commit | ddd58736f08d9acef3606719eba2e38ed611705b (patch) | |
tree | 258f64877cac3711a3434257baddcbae72af2af3 /crypto/openssl/ssl/s3_srvr.c | |
parent | 07c567b8ec177822ff1b6e4929662b317ba137b5 (diff) | |
Initial import of OpenSSL 0.9.6
Notes
Notes:
svn path=/vendor-crypto/openssl/dist/; revision=68651
Diffstat (limited to 'crypto/openssl/ssl/s3_srvr.c')
-rw-r--r-- | crypto/openssl/ssl/s3_srvr.c | 26 |
1 files changed, 20 insertions, 6 deletions
diff --git a/crypto/openssl/ssl/s3_srvr.c b/crypto/openssl/ssl/s3_srvr.c
index e23ca20bd310..bb8cfb31e55a 100644
--- a/crypto/openssl/ssl/s3_srvr.c
+++ b/crypto/openssl/ssl/s3_srvr.c
@@ -153,7 +153,10 @@ int ssl3_accept(SSL *s)
 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
 
 if ((s->version>>8) != 3)
- abort();
+ {
+ SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_INTERNAL_ERROR);
+ return -1;
+ }
 s->type=SSL_ST_ACCEPT;
 
 if (s->init_buf == NULL)
@@ -982,7 +985,7 @@ static int ssl3_send_server_key_exchange(SSL *s)
 dhp=cert->dh_tmp;
 if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
 dhp=s->cert->dh_tmp_cb(s,
- !SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
+ SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
 SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
 if (dhp == NULL)
 {
@@ -1326,11 +1329,22 @@ static int ssl3_get_client_key_exchange(SSL *s)
 goto f_err;
 }
 
- if ((p[0] != (s->client_version>>8)) || (p[1] != (s->client_version & 0xff)))
+ if (!((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff))))
 {
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER);
- goto f_err;
+ /* The premaster secret must contain the same version number as the
+ * ClientHello to detect version rollback attacks (strangely, the
+ * protocol does not offer such protection for DH ciphersuites).
+ * However, buggy clients exist that send the negotiated protocol
+ * version instead if the server does not support the requested
+ * protocol version.
+ * If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such clients. */
+ if (!((s->options & SSL_OP_TLS_ROLLBACK_BUG) &&
+ (p[0] == (s->version>>8)) && (p[1] == (s->version & 0xff))))
+ {
+ al=SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER);
+ goto f_err;
+ }
 }
 
 s->session->master_key_length=
|
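Review bot: The new error branch in `ssl3_accept` leaves with a bare `return -1;` immediately after the `SSL_CB_HANDSHAKE_START` callback has fired on the context line above, so whatever the function normally unwinds on exit is skipped on this path. The start and end of `ssl3_accept` are outside this hunk, so this is inferred rather than shown. If the function has a shared exit label that balances the handshake bookkeeping and reports the exit to `cb`, this branch should be `ret= -1; goto end;` instead. A one-line comment such as `/* wrong method for this state machine: fail the handshake rather than kill the process */` would also record why `abort()` was dropped.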
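Review bot: The second argument of `dh_tmp_cb` silently changes meaning for existing applications here, and nothing at the call site documents the contract. A callback that had compensated for the old inverted flag will now select its export-strength group for non-export ciphersuites. The visible lines check the returned `dhp` only for NULL, and the rest of `ssl3_send_server_key_exchange` is outside the hunk, so no strength check is shown. I would add `/* args: ssl, is_export (nonzero only for export ciphersuites), requested key length */` above the call and mention the behaviour change in the release notes. Checking the size of the returned parameters against `SSL_C_EXPORT_PKEYLENGTH(...)` for non-export suites is worth considering as a follow-up.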
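Review bot: A version mismatch in the decrypted premaster secret still ends in an immediate `SSL_AD_DECODE_ERROR` alert via `goto f_err`, which gives the peer a failure it can distinguish from other decryption outcomes. This appears to be the RSA branch of `ssl3_get_client_key_exchange`, whose surrounding code is outside the hunk, and such a distinguishable error is the kind of signal padding-oracle attacks on RSA key exchange rely on. The safer pattern is to raise no alert here: note the mismatch, replace the premaster secret with freshly generated random bytes, and let the handshake fail at the Finished check like any other bad key. Separately, the double negation `if (!((a) && (b)))` is hard to audit in a security check; the original `!=`/`||` form with the tolerance test nested inside reads more directly. The comment should also say that `SSL_OP_TLS_ROLLBACK_BUG` weakens rollback detection and should be set only for known-buggy peers.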