Diffstat (limited to '')
| -rw-r--r-- | src/lib/libssl/s3_srvr.c | 26 |
1 files changed, 20 insertions, 6 deletions
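--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -153,7 +153,10 @@ int ssl3_accept(SSL *s)
 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
 
 if ((s->version>>8) != 3)
-abort();
+{
+SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_INTERNAL_ERROR);
+return -1;
+}
 s->type=SSL_ST_ACCEPT;
 
 if (s->init_buf == NULL)
@@ -982,7 +985,7 @@ static int ssl3_send_server_key_exchange(SSL *s)
 dhp=cert->dh_tmp;
 if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
 dhp=s->cert->dh_tmp_cb(s,
-!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
+SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
 SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
 if (dhp == NULL)
 {
@@ -1326,11 +1329,22 @@ static int ssl3_get_client_key_exchange(SSL *s)
 goto f_err;
 }
 
-if ((p[0] != (s->client_version>>8)) || (p[1] != (s->client_version & 0xff)))
+if (!((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff))))
 {
-al=SSL_AD_DECODE_ERROR;
-SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER);
-goto f_err;
+/* The premaster secret must contain the same version number as the
+* ClientHello to detect version rollback attacks (strangely, the
+* protocol does not offer such protection for DH ciphersuites).
+* However, buggy clients exist that send the negotiated protocol
+* version instead if the server does not support the requested
+* protocol version.
+* If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such clients. */
+if (!((s->options & SSL_OP_TLS_ROLLBACK_BUG) &&
+(p[0] == (s->version>>8)) && (p[1] == (s->version & 0xff))))
+{
+al=SSL_AD_DECODE_ERROR;
+SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER);
+goto f_err;
+}
 }
 
 s->session->master_key_length=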
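Review bot: In the ssl3_get_client_key_exchange hunk, a version mismatch in the premaster secret still ends in `goto f_err` with its own alert and error code (`SSL_AD_DECODE_ERROR`, `SSL_R_BAD_PROTOCOL_VERSION_NUMBER`). The peer can therefore tell "decrypted, but wrong version bytes" apart from other failures, and chosen-ciphertext attacks on RSA key exchange depend on that kind of distinguishable response. Consider not aborting at this point: overwrite the premaster secret with random bytes and carry on, so that every malformed ClientKeyExchange fails the same way at the Finished check. How the decryption failure just above is reported lies outside this hunk and should be made consistent with it. Separately, with `SSL_OP_TLS_ROLLBACK_BUG` set, a premaster carrying the negotiated `s->version` is accepted, so the comment should state the cost, e.g. `/* NOTE: with SSL_OP_TLS_ROLLBACK_BUG set, version rollback is not detected for RSA key exchange. */`.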
