generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Assume TLS 1.0 if ClientHello fragment is too short.

Browse Source
This commit is contained in:
Bodo Möller 2001-10-25 06:06:50 +00:00
parent 38b3e9edde
commit 96ec4ce0d2
3 changed files with 22 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
CHANGES
View File

@ -4,6 +4,15 @@
Changes between 0.9.6b and 0.9.6c [XX xxx XXXX] Changes between 0.9.6b and 0.9.6c [XX xxx XXXX]
*) Change ssl23_get_client_hello (ssl/s23_srvr.c) behaviour when
faced with a pathologically small ClientHello fragment that does
not contain client_version: Instead of aborting with an error,
simply choose the highest available protocol version (i.e.,
TLS 1.0 unless it is disabled). In practice, ClientHello
messages are never sent like this, but this change gives us
strictly correct behaviour at least for TLS.
[Bodo Moeller]
*) Fix SSL handshake functions and SSL_clear() such that SSL_clear() *) Fix SSL handshake functions and SSL_clear() such that SSL_clear()
never resets s->method to s->ctx->method when called from within never resets s->method to s->ctx->method when called from within
one of the SSL handshake functions. one of the SSL handshake functions.

1
ssl/s23_clnt.c
View File

@ -200,6 +200,7 @@ int ssl23_connect(SSL *s)
} }
end: end:
s->in_handshake--; s->in_handshake--;
if (s->in_handshake)
if (cb != NULL) if (cb != NULL)
cb(s,SSL_CB_CONNECT_EXIT,ret); cb(s,SSL_CB_CONNECT_EXIT,ret);
return(ret); return(ret);

19
ssl/s23_srvr.c
View File

@ -232,9 +232,9 @@ int ssl23_accept(SSL *s)
} }
} }
end: end:
s->in_handshake--;
if (cb != NULL) if (cb != NULL)
cb(s,SSL_CB_ACCEPT_EXIT,ret); cb(s,SSL_CB_ACCEPT_EXIT,ret);
s->in_handshake--;
return(ret); return(ret);
} }
@ -405,17 +405,22 @@ int ssl23_get_client_hello(SSL *s)
/* We must look at client_version inside the Client Hello message /* We must look at client_version inside the Client Hello message
* to get the correct minor version. * to get the correct minor version.
* However if we have only a pathologically small fragment of the * However if we have only a pathologically small fragment of the
* Client Hello message, this would be difficult, we'd have * Client Hello message, this would be difficult, and we'd have
* to read at least one additional record to find out. * to read more records to find out.
* This doesn't usually happen in real life, so we just complain * No known SSL 3.0 client fragments ClientHello like this,
* for now. * so we simply assume TLS 1.0 to avoid protocol version downgrade
*/ * attacks. */
if (p[3] == 0 && p[4] < 6) if (p[3] == 0 && p[4] < 6)
{ {
#if 0
SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_SMALL); SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_SMALL);
goto err; goto err;
#else
v[1] = TLS1_VERSION_MINOR;
#endif
} }
v[1]=p[10]; /* minor version according to client_version */ else
v[1]=p[10]; /* minor version according to client_version */
if (v[1] >= TLS1_VERSION_MINOR) if (v[1] >= TLS1_VERSION_MINOR)
{ {
if (!(s->options & SSL_OP_NO_TLSv1)) if (!(s->options & SSL_OP_NO_TLSv1))