generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

tolerate extra data at end of client hello for SSL 3.0

Browse Source 
PR: 659
This commit is contained in:
Bodo Möller 2003-07-21 15:17:46 +00:00
parent 02e0559477
commit ddc38679ce
2 changed files with 21 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
CHANGES
View File

@ -537,6 +537,15 @@
Changes between 0.9.7b and 0.9.7c [xx XXX 2003] Changes between 0.9.7b and 0.9.7c [xx XXX 2003]
*) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional
extra data after the compression methods not only for TLS 1.0
but also for SSL 3.0 (as required by the specification).
[Bodo Moeller; problem pointed out by Matthias Loepfe]
*) Change X509_certificate_type() to mark the key as exported/exportable
when it's 512 *bits* long, not 512 bytes.
[Richard Levitte]
*) Change AES_cbc_encrypt() so it outputs exact multiple of *) Change AES_cbc_encrypt() so it outputs exact multiple of
blocks during encryption. blocks during encryption.
[Richard Levitte] [Richard Levitte]
@ -671,6 +680,9 @@ yet to be integrated into this CVS branch:
Changes between 0.9.6h and 0.9.7 [31 Dec 2002] Changes between 0.9.6h and 0.9.7 [31 Dec 2002]
[NB: OpenSSL 0.9.6i and later 0.9.6 patch levels were released after
OpenSSL 0.9.7.]
*) Fix session ID handling in SSLv2 client code: the SERVER FINISHED *) Fix session ID handling in SSLv2 client code: the SERVER FINISHED
code (06) was taken as the first octet of the session ID and the last code (06) was taken as the first octet of the session ID and the last
octet was ignored consequently. As a result SSLv2 client side session octet was ignored consequently. As a result SSLv2 client side session
@ -2491,6 +2503,11 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
Changes between 0.9.6j and 0.9.6k [xx XXX 2003] Changes between 0.9.6j and 0.9.6k [xx XXX 2003]
*) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional
extra data after the compression methods not only for TLS 1.0
but also for SSL 3.0 (as required by the specification).
[Bodo Moeller; problem pointed out by Matthias Loepfe]
*) Change X509_certificate_type() to mark the key as exported/exportable *) Change X509_certificate_type() to mark the key as exported/exportable
when it's 512 *bits* long, not 512 bytes. when it's 512 *bits* long, not 512 bytes.
[Richard Levitte] [Richard Levitte]

4
ssl/s3_srvr.c
View File

@ -883,6 +883,9 @@ static int ssl3_get_client_hello(SSL *s)
} }
/* TLS does not mind if there is extra stuff */ /* TLS does not mind if there is extra stuff */
#if 0 /* SSL 3.0 does not mind either, so we should disable this test
* (was enabled in 0.9.6d through 0.9.6j and 0.9.7 through 0.9.7b,
* in earlier SSLeay/OpenSSL releases this test existed but was buggy) */
if (s->version == SSL3_VERSION) if (s->version == SSL3_VERSION)
{ {
if (p < (d+n)) if (p < (d+n))
@ -894,6 +897,7 @@ static int ssl3_get_client_hello(SSL *s)
goto f_err; goto f_err;
} }
} }
#endif
/* Given s->session->ciphers and SSL_get_ciphers, we must /* Given s->session->ciphers and SSL_get_ciphers, we must
* pick a cipher */ * pick a cipher */