generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Avoid protocol rollback.

Browse Source
This commit is contained in:
Bodo Möller 2000-09-22 21:39:33 +00:00
parent dbba890cf1
commit f1192b7f2e
4 changed files with 25 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
CHANGES
View File

@ -4,6 +4,16 @@
Changes between 0.9.5a and 0.9.6 [xx XXX 2000] Changes between 0.9.5a and 0.9.6 [xx XXX 2000]
*) In ssl23_get_client_hello, generate an error message when faced
with an initial SSL 3.0/TLS record that is too small to contain the
first two bytes of the ClientHello message, i.e. client_version.
(Note that this is a pathologic case that probably has never happened
in real life.) The previous approach was to use the version number
from the record header as a subsitute; but our protocol choice
should not depend on that one because it is not authenticated
by the Finished messages.
[Bodo Moeller]
*) For compatibility reasons if the flag X509_V_FLAG_ISSUER_CHECK is *) For compatibility reasons if the flag X509_V_FLAG_ISSUER_CHECK is
not set then we don't setup the error code for issuer check errors not set then we don't setup the error code for issuer check errors
to avoid possibly overwriting other errors which the callback does to avoid possibly overwriting other errors which the callback does

21
ssl/s23_srvr.c
View File

@ -348,16 +348,21 @@ int ssl23_get_client_hello(SSL *s)
* SSLv3 or tls1 header * SSLv3 or tls1 header
*/ */
v[0]=p[1]; /* major version */ v[0]=p[1]; /* major version (= SSL3_VERSION_MAJOR) */
/* We must look at client_version inside the Client Hello message /* We must look at client_version inside the Client Hello message
* to get the correct minor version: */ * to get the correct minor version.
v[1]=p[10]; * However if we have only a pathologically small fragment of the
/* However if we have only a pathologically small fragment of the * Client Hello message, this would be difficult, we'd have
* Client Hello message, we simply use the version from the * to read at least one additional record to find out.
* record header -- this is incorrect but unlikely to fail in * This doesn't usually happen in real life, so we just complain
* practice */ * for now.
*/
if (p[3] == 0 && p[4] < 6) if (p[3] == 0 && p[4] < 6)
v[1]=p[2]; {
SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_SMALL);
goto err;
}
v[1]=p[10]; /* minor version according to client_version */
if (v[1] >= TLS1_VERSION_MINOR) if (v[1] >= TLS1_VERSION_MINOR)
{ {
if (!(s->options & SSL_OP_NO_TLSv1)) if (!(s->options & SSL_OP_NO_TLSv1))

1
ssl/ssl.h
View File

@ -1471,6 +1471,7 @@ int SSL_COMP_add_compression_method(int id,char *cm);
#define SSL_R_READ_WRONG_PACKET_TYPE 212 #define SSL_R_READ_WRONG_PACKET_TYPE 212
#define SSL_R_RECORD_LENGTH_MISMATCH 213 #define SSL_R_RECORD_LENGTH_MISMATCH 213
#define SSL_R_RECORD_TOO_LARGE 214 #define SSL_R_RECORD_TOO_LARGE 214
#define SSL_R_RECORD_TOO_SMALL 1093
#define SSL_R_REQUIRED_CIPHER_MISSING 215 #define SSL_R_REQUIRED_CIPHER_MISSING 215
#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216 #define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216
#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217 #define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217

1
ssl/ssl_err.c
View File

@ -327,6 +327,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
{SSL_R_READ_WRONG_PACKET_TYPE ,"read wrong packet type"}, {SSL_R_READ_WRONG_PACKET_TYPE ,"read wrong packet type"},
{SSL_R_RECORD_LENGTH_MISMATCH ,"record length mismatch"}, {SSL_R_RECORD_LENGTH_MISMATCH ,"record length mismatch"},
{SSL_R_RECORD_TOO_LARGE ,"record too large"}, {SSL_R_RECORD_TOO_LARGE ,"record too large"},
{SSL_R_RECORD_TOO_SMALL ,"record too small"},
{SSL_R_REQUIRED_CIPHER_MISSING ,"required cipher missing"}, {SSL_R_REQUIRED_CIPHER_MISSING ,"required cipher missing"},
{SSL_R_REUSE_CERT_LENGTH_NOT_ZERO ,"reuse cert length not zero"}, {SSL_R_REUSE_CERT_LENGTH_NOT_ZERO ,"reuse cert length not zero"},
{SSL_R_REUSE_CERT_TYPE_NOT_ZERO ,"reuse cert type not zero"}, {SSL_R_REUSE_CERT_TYPE_NOT_ZERO ,"reuse cert type not zero"},