| author | djm <> | 2012-01-05 23:01:39 +0000 |
|---|---|---|
| committer | djm <> | 2012-01-05 23:01:39 +0000 |
| commit | 1323613b1aa20bc25bc1ca71f1926d7e11788b87 (patch) | |
| tree | 866512933d8f0c1ea5465d0169915b36c1ca3cae /src/lib/libssl/s3_srvr.c | |
| parent | 01b1f5ed381fe1d6d9a28e1b11285d194d167080 (diff) | |
OpenSSL 1.0.0f: merge
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libssl/s3_srvr.c | 11 |
1 files changed, 11 insertions, 0 deletions
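--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -258,6 +258,7 @@ int ssl3_accept(SSL *s)
 }
 
 s->init_num=0;
+s->s3->flags &= ~SSL3_FLAGS_SGC_RESTART_DONE;
 
 if (s->state != SSL_ST_RENEGOTIATE)
 {
@@ -755,6 +756,14 @@ int ssl3_check_client_hello(SSL *s)
 int ok;
 long n;
 
+/* We only allow the client to restart the handshake once per
+* negotiation. */
+if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE)
+{
+SSLerr(SSL_F_SSL3_CHECK_CLIENT_HELLO, SSL_R_MULTIPLE_SGC_RESTARTS);
+return -1;
+}
+
 /* this function is called when we really expect a Certificate message,
 * so permit appropriate message length */
 n=s->method->ssl_get_message(s,
@@ -783,6 +792,7 @@ int ssl3_check_client_hello(SSL *s)
 s->s3->tmp.ecdh = NULL;
 }
 #endif
+s->s3->flags |= SSL3_FLAGS_SGC_RESTART_DONE;
 return 2;
 }
 return 1;
@@ -2130,6 +2140,7 @@ int ssl3_get_client_key_exchange(SSL *s)
 if (i <= 0)
 {
 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
+BN_clear_free(pub);
 goto err;
 }
 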
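Review bot: The restart guard added at the top of ssl3_check_client_hello() runs before ssl_get_message() has read anything, so it rejects on the flag alone rather than on the arrival of a second ClientHello. Once `s->s3->flags |= SSL3_FLAGS_SGC_RESTART_DONE;` has run on the `return 2` path, the next call in the same negotiation returns -1 even if the peer sends the Certificate message that the existing comment says this function expects. That would fail a legitimate handshake after a single restart, assuming the function is entered again after the restart (its call sites are outside these hunks). The test belongs inside the branch that has already identified a ClientHello, just before the flag is set: `if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE) { SSLerr(SSL_F_SSL3_CHECK_CLIENT_HELLO, SSL_R_MULTIPLE_SGC_RESTARTS); return -1; }`. The lines between the message read and `return 2` are not shown, so the exact placement needs checking against the full function.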
