diff options
| author | djm <> | 2012-01-05 22:59:13 +0000 |
|---|---|---|
| committer | djm <> | 2012-01-05 22:59:13 +0000 |
| commit | 731838c66b52c0ae5888333005b74115a620aa96 (patch) | |
| tree | 112a26c17bdf32e5d76181791e536ba74549e6dc /src/lib/libssl/s3_srvr.c | |
| parent | 113f799ec7d1728f0a5d7ab5b0e3b42e3de56407 (diff) | |
| download | openbsd-731838c66b52c0ae5888333005b74115a620aa96.tar.gz openbsd-731838c66b52c0ae5888333005b74115a620aa96.tar.bz2 openbsd-731838c66b52c0ae5888333005b74115a620aa96.zip | |
OpenSSL 1.0.0f: import upstream source
Diffstat (limited to 'src/lib/libssl/s3_srvr.c')
| -rw-r--r-- | src/lib/libssl/s3_srvr.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c index c3b5ff33ff..d734c359fb 100644 --- a/src/lib/libssl/s3_srvr.c +++ b/src/lib/libssl/s3_srvr.c | |||
| @@ -258,6 +258,7 @@ int ssl3_accept(SSL *s) | |||
| 258 | } | 258 | } |
| 259 | 259 | ||
| 260 | s->init_num=0; | 260 | s->init_num=0; |
| 261 | s->s3->flags &= ~SSL3_FLAGS_SGC_RESTART_DONE; | ||
| 261 | 262 | ||
| 262 | if (s->state != SSL_ST_RENEGOTIATE) | 263 | if (s->state != SSL_ST_RENEGOTIATE) |
| 263 | { | 264 | { |
| @@ -755,6 +756,14 @@ int ssl3_check_client_hello(SSL *s) | |||
| 755 | int ok; | 756 | int ok; |
| 756 | long n; | 757 | long n; |
| 757 | 758 | ||
| 759 | /* We only allow the client to restart the handshake once per | ||
| 760 | * negotiation. */ | ||
| 761 | if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE) | ||
| 762 | { | ||
| 763 | SSLerr(SSL_F_SSL3_CHECK_CLIENT_HELLO, SSL_R_MULTIPLE_SGC_RESTARTS); | ||
| 764 | return -1; | ||
| 765 | } | ||
| 766 | |||
| 758 | /* this function is called when we really expect a Certificate message, | 767 | /* this function is called when we really expect a Certificate message, |
| 759 | * so permit appropriate message length */ | 768 | * so permit appropriate message length */ |
| 760 | n=s->method->ssl_get_message(s, | 769 | n=s->method->ssl_get_message(s, |
| @@ -783,6 +792,7 @@ int ssl3_check_client_hello(SSL *s) | |||
| 783 | s->s3->tmp.ecdh = NULL; | 792 | s->s3->tmp.ecdh = NULL; |
| 784 | } | 793 | } |
| 785 | #endif | 794 | #endif |
| 795 | s->s3->flags |= SSL3_FLAGS_SGC_RESTART_DONE; | ||
| 786 | return 2; | 796 | return 2; |
| 787 | } | 797 | } |
| 788 | return 1; | 798 | return 1; |
| @@ -2130,6 +2140,7 @@ int ssl3_get_client_key_exchange(SSL *s) | |||
| 2130 | if (i <= 0) | 2140 | if (i <= 0) |
| 2131 | { | 2141 | { |
| 2132 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB); | 2142 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB); |
| 2143 | BN_clear_free(pub); | ||
| 2133 | goto err; | 2144 | goto err; |
| 2134 | } | 2145 | } |
| 2135 | 2146 | ||