diff options
| author | simon <simon@FreeBSD.org> | 2007-03-15 20:03:30 +0000 |
|---|---|---|
| committer | simon <simon@FreeBSD.org> | 2007-03-15 20:03:30 +0000 |
| commit | ee48ceb6a84c702d0f80bc72ce8be558bdcb0de3 (patch) | |
| tree | e7ef8661c43c3081071230f45d641b5d8a756e55 /crypto/openssl/ssl/s3_srvr.c | |
| parent | 25dab5b4c1779c970f3c644ff3f37f0c4cb5538d (diff) | |
| download | FreeBSD-src-ee48ceb6a84c702d0f80bc72ce8be558bdcb0de3.zip FreeBSD-src-ee48ceb6a84c702d0f80bc72ce8be558bdcb0de3.tar.gz | |
Vendor import of OpenSSL 0.9.8e.
Diffstat (limited to 'crypto/openssl/ssl/s3_srvr.c')
| -rw-r--r-- | crypto/openssl/ssl/s3_srvr.c | 29 |
1 files changed, 25 insertions, 4 deletions
diff --git a/crypto/openssl/ssl/s3_srvr.c b/crypto/openssl/ssl/s3_srvr.c index 098eea1..9414cf0 100644 --- a/crypto/openssl/ssl/s3_srvr.c +++ b/crypto/openssl/ssl/s3_srvr.c @@ -300,8 +300,9 @@ int ssl3_accept(SSL *s) case SSL3_ST_SW_CERT_A: case SSL3_ST_SW_CERT_B: - /* Check if it is anon DH or anon ECDH */ - if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL)) + /* Check if it is anon DH or anon ECDH or KRB5 */ + if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL) + && !(s->s3->tmp.new_cipher->algorithms & SSL_aKRB5)) { ret=ssl3_send_server_certificate(s); if (ret <= 0) goto end; @@ -679,9 +680,9 @@ int ssl3_get_client_hello(SSL *s) */ if (s->state == SSL3_ST_SR_CLNT_HELLO_A) { - s->first_packet=1; s->state=SSL3_ST_SR_CLNT_HELLO_B; } + s->first_packet=1; n=s->method->ssl_get_message(s, SSL3_ST_SR_CLNT_HELLO_B, SSL3_ST_SR_CLNT_HELLO_C, @@ -690,6 +691,7 @@ int ssl3_get_client_hello(SSL *s) &ok); if (!ok) return((int)n); + s->first_packet=0; d=p=(unsigned char *)s->init_msg; /* use version from inside client hello, not from record header @@ -1995,6 +1997,25 @@ int ssl3_get_client_key_exchange(SSL *s) SSL_R_DATA_LENGTH_TOO_LONG); goto err; } + if (!((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff)))) + { + /* The premaster secret must contain the same version number as the + * ClientHello to detect version rollback attacks (strangely, the + * protocol does not offer such protection for DH ciphersuites). + * However, buggy clients exist that send random bytes instead of + * the protocol version. + * If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such clients. + * (Perhaps we should have a separate BUG value for the Kerberos cipher) + */ + if (!((s->options & SSL_OP_TLS_ROLLBACK_BUG) && + (p[0] == (s->version>>8)) && (p[1] == (s->version & 0xff)))) + { + SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, + SSL_AD_DECODE_ERROR); + goto err; + } + } + EVP_CIPHER_CTX_cleanup(&ciph_ctx); s->session->master_key_length= @@ -2042,7 +2063,7 @@ int ssl3_get_client_key_exchange(SSL *s) if (l & SSL_kECDH) { /* use the certificate */ - tkey = s->cert->key->privatekey->pkey.ec; + tkey = s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec; } else { |
