author | sthen <> | 2009-11-17 14:34:41 +0000 |
---|---|---|
committer | sthen <> | 2009-11-17 14:34:41 +0000 |
commit | 78a5f788a78b264dfccca92d8ada6df20c8e30bc (patch) | |
tree | 1eaaa481c6c4865d6abfd996980aca43590f2d6e | |
parent | a699cc827a7fd1a4d2c35a44a4ca8471e80a51d8 (diff) | |
Pull Ben Laurie's blind prefix injection fix for CVE-2009-3555 from
openssl 0.9.8l.
As suggested by markus@, for -stable the header change is being
restricted to a private file, so the minor version is not cranked here.
Discussed with markus, djm, deraadt.
-rw-r--r-- | src/lib/libssl/src/ssl/s3_lib.c | 3 | ||||
-rw-r--r-- | src/lib/libssl/src/ssl/s3_pkt.c | 4 | ||||
-rw-r--r-- | src/lib/libssl/src/ssl/s3_srvr.c | 8 | ||||
-rw-r--r-- | src/lib/libssl/src/ssl/ssl_locl.h | 2 |
4 files changed, 16 insertions, 1 deletions
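--- a/src/lib/libssl/src/ssl/s3_lib.c
+++ b/src/lib/libssl/src/ssl/s3_lib.c
@@ -2592,6 +2592,9 @@ int ssl3_renegotiate(SSL *s)
 if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
 return(0);
 
+if (!(s->s3->flags & SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
+return(0);
+
 s->s3->renegotiate=1;
 return(1);
 }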
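Review bot: The new early `return(0)` in ssl3_renegotiate() refuses the renegotiation without queuing an error or carrying a comment, so a caller gets the same 0 as for SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS and cannot tell that the refusal is the CVE-2009-3555 policy. Because the flag is defined only in the private ssl_locl.h, the refusal is presumably unconditional for programs built against the public headers, and that is worth stating at the check. I would add above it `/* CVE-2009-3555: refuse renegotiation unless unsafe legacy renegotiation was explicitly allowed */`. The function begins before this hunk.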
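--- a/src/lib/libssl/src/ssl/s3_pkt.c
+++ b/src/lib/libssl/src/ssl/s3_pkt.c
@@ -985,6 +985,7 @@ start:
 
 if (SSL_is_init_finished(s) &&
 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
+(s->s3->flags & SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) &&
 !s->s3->renegotiate)
 {
 ssl3_renegotiate(s);
@@ -1117,7 +1118,8 @@ start:
 if ((s->s3->handshake_fragment_len >= 4) && !s->in_handshake)
 {
 if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
-!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS))
+!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
+(s->s3->flags & SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
 {
 #if 0 /* worked only because C operator preferences are not as expected (and
 * because this is not really needed for clients except for detecting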
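Review bot: With the flag clear, the condition at new lines 1120-1122 is false and a handshake fragment arriving on an established session skips this block, but the code that then deals with the buffered fragment lies outside the hunk. It is worth confirming that this path ends the connection with an alert and a queued error rather than dropping or re-reading the record silently, since a silent path leaves nothing for an operator to see when a peer attempts renegotiation. Both conditions would also benefit from a short comment, e.g. `/* CVE-2009-3555: peer-initiated renegotiation is honoured only with SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION set */`. The test added at new line 988 repeats the one ssl3_renegotiate() now performs itself in s3_lib.c, which is harmless but could be noted as deliberate.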
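--- a/src/lib/libssl/src/ssl/s3_srvr.c
+++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -718,6 +718,14 @@ int ssl3_get_client_hello(SSL *s)
 #endif
 STACK_OF(SSL_CIPHER) *ciphers=NULL;
 
+if (s->new_session
+&& !(s->s3->flags&SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
+{
+al=SSL_AD_HANDSHAKE_FAILURE;
+SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
+goto f_err;
+}
+
 /* We do this so that we will respond with our native type.
 * If we are TLSv1 and we get SSLv3, we will respond with TLSv1,
 * This down switching should be handled by a different method.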
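Review bot: The refusal at new lines 721-727 queues `ERR_R_INTERNAL_ERROR`, which reads in logs as a library fault rather than a deliberate rejection, so refused renegotiation attempts are hard to tell apart from real failures. If this tree carries a more specific reason code (OpenSSL defines `SSL_R_NO_RENEGOTIATION`), using it in the `SSLerr()` call would make the event identifiable, at the cost of diverging from the upstream patch. The check also depends on `s->new_session` standing for "this ClientHello is a renegotiation", which the hunk does not show; once confirmed, a comment such as `/* new_session is set when renegotiating: refuse unless legacy renegotiation is allowed (CVE-2009-3555) */` would record it. ssl3_get_client_hello() starts and ends outside the hunk.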
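--- a/src/lib/libssl/src/ssl/ssl_locl.h
+++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -401,6 +401,8 @@
 #define NAMED_CURVE_TYPE 3
 #endif /* OPENSSL_NO_EC */
 
+#define SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x0010
+
 typedef struct cert_pkey_st
 {
 X509 *x509;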
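Review bot: `SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION` is defined at new line 404 without a comment, although the other hunks test it against `s->s3->flags`, the same field as `SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS`, so 0x0010 must stay clear of every other bit defined for that field elsewhere. A comment should record that and why the define lives in a private header, e.g. `/* CVE-2009-3555: kept private for -stable; shares the s3->flags bit space with the public SSL3_FLAGS_* values */`. Keeping the name out of the public headers is an ABI measure rather than an enforcement mechanism, and the comment could say so to avoid a later reader treating it as one.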