Commit 2c05c494 authored by Bodo Möller

Implement SSL_OP_TLS_ROLLBACK_BUG for servers.

Call dh_tmp_cb with correct 'is_export' flag.

Avoid tabs in CHANGES.
parent 2933ed4d
+22 −10
@@ -4,6 +4,18 @@

 Changes between 0.9.5a and 0.9.6  [xx XXX 2000]

  *) Implement SSL_OP_TLS_ROLLBACK_BUG: In ssl3_get_client_key_exchange, if
     this option is set, tolerate broken clients that send the negotiated
     protocol version number instead of the requested protocol version
     number.
     [Bodo Moeller]

  *) Call dh_tmp_cb (set by ..._TMP_DH_CB) with correct 'is_export' flag;
     i.e. non-zero for export ciphersuites, zero otherwise.
     Previous versions had this flag inverted, inconsistent with
     rsa_tmp_cb (..._TMP_RSA_CB).
     [Bodo Moeller; problem reported by Amit Chopra]

  *) Add missing DSA library text string. Work around for some IIS
     key files with invalid SEQUENCE encoding.
     [Steve Henson]
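Review bot: the SSL_OP_TLS_ROLLBACK_BUG entry should say what "tolerate" means in practice: the server accepts the negotiated version (s->version) in the premaster secret in place of the requested one (s->client_version), not an arbitrary version, and only while the option is set. Since that trades away rollback detection for sessions where the two versions differ, suggest adding one sentence that the option is opt-in and weakens the version check, so deployers can decide whether they need it. For the dh_tmp_cb entry, consider flagging it as an incompatible behaviour change: a callback written against the previously inverted flag will now receive the opposite value, so applications that compensated for the bug need to drop that workaround.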
+16 −5
@@ -982,7 +982,7 @@ static int ssl3_send_server_key_exchange(SSL *s)
			dhp=cert->dh_tmp;
			if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
				dhp=s->cert->dh_tmp_cb(s,
				      !SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
				      SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
				      SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
			if (dhp == NULL)
				{
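Review bot: replacing !SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) with SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) silently changes what every existing dh_tmp_cb receives, so a callback that sized its parameters from the old (inverted) is_export value will now hand back export-strength DH parameters for non-export ciphersuites, or full-strength ones for export suites. The CHANGES entry records the fix, but the ..._TMP_DH_CB documentation should state the corrected meaning (non-zero for export ciphersuites, matching rsa_tmp_cb) so callers know to adjust. Worth noting that the third argument, SSL_C_EXPORT_PKEYLENGTH(...), is passed unchanged, so callbacks that choose parameters by keylength rather than by is_export are unaffected.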
@@ -1326,12 +1326,23 @@ static int ssl3_get_client_key_exchange(SSL *s)
			goto f_err;
			}

		if ((p[0] != (s->client_version>>8)) || (p[1] != (s->client_version & 0xff)))
		if (!((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff))))
			{
			/* The premaster secret must contain the same version number as the
			 * ClientHello to detect version rollback attacks (strangely, the
			 * protocol does not offer such protection for DH ciphersuites).
			 * However, buggy clients exist that send the negotiated protocol
			 * version instead if the servers does not support the requested
			 * protocol version.
			 * If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such clients. */
			if (!((s->options & SSL_OP_TLS_ROLLBACK_BUG) &&
				(p[0] == (s->version>>8)) && (p[1] == (s->version & 0xff))))
				{
				al=SSL_AD_DECODE_ERROR;
				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER);
				goto f_err;
				}
			}

		s->session->master_key_length=
			s->method->ssl3_enc->generate_master_secret(s,
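Review bot: typo in the new comment, "if the servers does not support" should read "if the server does not support". The rewritten outer condition is the De Morgan form of the removed one, so behaviour with the option clear is unchanged and still raises SSL_AD_DECODE_ERROR / SSL_R_BAD_PROTOCOL_VERSION_NUMBER. With SSL_OP_TLS_ROLLBACK_BUG set, the inner check now accepts either s->client_version or s->version in p[0..1]; when those differ (the only case the option exists for) a premaster secret carrying s->version is indistinguishable from a genuine rollback, so the comment should say explicitly that the option disables rollback detection for such sessions rather than merely "tolerating" clients. When s->version equals s->client_version the two clauses coincide and the check stays as strict as before.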