generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Implement SSL_OP_TLS_ROLLBACK_BUG for servers.

Browse Source 
Call dh_tmp_cb with correct 'is_export' flag.

Avoid tabs in CHANGES.
This commit is contained in:
Bodo Möller 2000-05-25 09:50:40 +00:00
parent 2933ed4df7
commit 2c05c494c0
2 changed files with 38 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
CHANGES
View File

@ -4,6 +4,18 @@
Changes between 0.9.5a and 0.9.6 [xx XXX 2000] Changes between 0.9.5a and 0.9.6 [xx XXX 2000]
*) Implement SSL_OP_TLS_ROLLBACK_BUG: In ssl3_get_client_key_exchange, if
this option is set, tolerate broken clients that send the negotiated
protocol version number instead of the requested protocol version
number.
[Bodo Moeller]
*) Call dh_tmp_cb (set by ..._TMP_DH_CB) with correct 'is_export' flag;
i.e. non-zero for export ciphersuites, zero otherwise.
Previous versions had this flag inverted, inconsistent with
rsa_tmp_cb (..._TMP_RSA_CB).
[Bodo Moeller; problem reported by Amit Chopra]
*) Add missing DSA library text string. Work around for some IIS *) Add missing DSA library text string. Work around for some IIS
key files with invalid SEQUENCE encoding. key files with invalid SEQUENCE encoding.
[Steve Henson] [Steve Henson]

15
ssl/s3_srvr.c
View File

@ -982,7 +982,7 @@ static int ssl3_send_server_key_exchange(SSL *s)
dhp=cert->dh_tmp; dhp=cert->dh_tmp;
if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL)) if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
dhp=s->cert->dh_tmp_cb(s, dhp=s->cert->dh_tmp_cb(s,
!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher), SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)); SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
if (dhp == NULL) if (dhp == NULL)
{ {
@ -1326,12 +1326,23 @@ static int ssl3_get_client_key_exchange(SSL *s)
goto f_err; goto f_err;
} }
if ((p[0] != (s->client_version>>8)) || (p[1] != (s->client_version & 0xff))) if (!((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff))))
{
/* The premaster secret must contain the same version number as the
* ClientHello to detect version rollback attacks (strangely, the
* protocol does not offer such protection for DH ciphersuites).
* However, buggy clients exist that send the negotiated protocol
* version instead if the servers does not support the requested
* protocol version.
* If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such clients. */
if (!((s->options & SSL_OP_TLS_ROLLBACK_BUG) &&
(p[0] == (s->version>>8)) && (p[1] == (s->version & 0xff))))
{ {
al=SSL_AD_DECODE_ERROR; al=SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER); SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER);
goto f_err; goto f_err;
} }
}
s->session->master_key_length= s->session->master_key_length=
s->method->ssl3_enc->generate_master_secret(s, s->method->ssl3_enc->generate_master_secret(s,