author | Bodo Möller <bodo@openssl.org> | 2001-08-07 09:30:18 +0000 |
---|---|---|
committer | Bodo Möller <bodo@openssl.org> | 2001-08-07 09:30:18 +0000 |
commit | 37a7cd1a11827af12801a535ad9b17bdca96caeb (patch) | |
tree | d26649b935c4479b3716734d0794d042f3b214ff | |
parent | 3a2d9c4dd0b2d75aca3decae7737304b9024dc34 (diff) | |
download | openssl-37a7cd1a11827af12801a535ad9b17bdca96caeb.tar.gz |
Bugfix: larger message size in ssl3_get_key_exchange() because
ServerKeyExchange message may be skipped.
Submitted by: Petr Lampa <lampa@fee.vutbr.cz>
-rw-r--r-- | CHANGES | 6 | ||||
-rw-r--r-- | ssl/s3_clnt.c | 8 |
2 files changed, 13 insertions, 1 deletions
@@ -12,6 +12,12 @@ *) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7 +) applies to 0.9.7 only + *) In ssl3_get_key_exchange (ssl/s3_clnt.c), call ssl3_get_message() + with the same message size as in ssl3_get_certificate_request(). + Otherwise, if no ServerKeyExchange message occurs, CertificateRequest + messages might inadvertently be reject as too long. + [Petr Lampa <lampa@fee.vutbr.cz>] + +) Move SSL_OP_TLS_ROLLBACK_BUG out of the SSL_OP_ALL list of recommended bug workarounds. Rollback attack detection is a security feature. The problem will only arise on OpenSSL servers when TLSv1 is not diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index f93f2772d6..18133f3da5 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -884,11 +884,17 @@ static int ssl3_get_key_exchange(SSL *s) DH *dh=NULL; #endif + /* use same message size as in ssl3_get_certificate_request() + * as ServerKeyExchange message may be skipped */ n=ssl3_get_message(s, SSL3_ST_CR_KEY_EXCH_A, SSL3_ST_CR_KEY_EXCH_B, -1, - 1024*8, /* ?? */ +#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32) + 1024*30, /* 30k max cert list :-) */ +#else + 1024*100, /* 100k max cert list :-) */ +#endif &ok); if (!ok) return((int)n); |
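Review bot: In the new CHANGES entry, "messages might inadvertently be reject as too long" should read "be rejected". The entry would also be more useful if it stated the limits involved: it only says "the same message size as in ssl3_get_certificate_request()", while the code hunk shows the maximum going from 1024*8 to 1024*100 (1024*30 on the MSDOS branch).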
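Review bot: The size argument added to the ssl3_get_message() call in ssl3_get_key_exchange() duplicates literals that, per the new comment, must stay equal to the ones in ssl3_get_certificate_request(), and nothing ties the two call sites together. A later change to one of them would silently bring the mismatch back. Suggest defining the bound once, as a shared macro that covers both the OPENSSL_SYS_MSDOS branch and the default branch, and using it in both calls. The inline comments "30k max cert list :-)" and "100k max cert list :-)" do not explain why a key exchange read needs that bound; the block comment above the call does, so the inline ones could simply name the limit. Since the maximum accepted in this state goes from 8k to 100k, the comment should also state that this ceiling is intentional.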