Commit 37a7cd1a authored by Bodo Möller's avatar Bodo Möller
Browse files

Bugfix: larger message size in ssl3_get_key_exchange() because 

ServerKeyExchange message may be skipped.

Submitted by:  Petr Lampa <lampa@fee.vutbr.cz>
parent 3a2d9c4d

CHANGES

+6 −0
Original line number Original line Diff line number Diff line
@@ -12,6 +12,12 @@ 
         *) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7

         *) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7

         +) applies to 0.9.7 only

         +) applies to 0.9.7 only





  *) In ssl3_get_key_exchange (ssl/s3_clnt.c), call ssl3_get_message()

     with the same message size as in ssl3_get_certificate_request().

     Otherwise, if no ServerKeyExchange message occurs, CertificateRequest

     messages might inadvertently be reject as too long.

     [Petr Lampa <lampa@fee.vutbr.cz>]



  +) Move SSL_OP_TLS_ROLLBACK_BUG out of the SSL_OP_ALL list of recommended

  +) Move SSL_OP_TLS_ROLLBACK_BUG out of the SSL_OP_ALL list of recommended

     bug workarounds. Rollback attack detection is a security feature.

     bug workarounds. Rollback attack detection is a security feature.

     The problem will only arise on OpenSSL servers when TLSv1 is not

     The problem will only arise on OpenSSL servers when TLSv1 is not

ssl/s3_clnt.c

+7 −1
Original line number Original line Diff line number Diff line
@@ -884,11 +884,17 @@ static int ssl3_get_key_exchange(SSL *s) 
	DH *dh=NULL;

	DH *dh=NULL;

#endif

#endif





	/* use same message size as in ssl3_get_certificate_request()

	 * as ServerKeyExchange message may be skipped */

	n=ssl3_get_message(s,

	n=ssl3_get_message(s,

		SSL3_ST_CR_KEY_EXCH_A,

		SSL3_ST_CR_KEY_EXCH_A,

		SSL3_ST_CR_KEY_EXCH_B,

		SSL3_ST_CR_KEY_EXCH_B,

		-1,

		-1,

		1024*8, /* ?? */

#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32)

		1024*30,  /* 30k max cert list :-) */

#else

		1024*100, /* 100k max cert list :-) */

#endif

		&ok);

		&ok);





	if (!ok) return((int)n);

	if (!ok) return((int)n);