diff options
| author |   markus <markus@openbsd.org> | 2009-11-10 09:09:40 +0000 |
|---|---|---|
| committer | markus <markus@openbsd.org> | 2009-11-10 09:09:40 +0000 |
| commit | 66a15954f5845cbbe38e8561ce13fc3bb20b68b8 (patch) | |
| tree | f53091c24474a6910d6836e46486845d29db1196 /lib/libssl/src | |
| parent | fix typo: in the example use ``rate'' instead of ``sample_rate'', (diff) | |
| download | wireguard-openbsd-66a15954f5845cbbe38e8561ce13fc3bb20b68b8.tar.xz wireguard-openbsd-66a15954f5845cbbe38e8561ce13fc3bb20b68b8.zip | |
pull Ben Lauries blind prefix injection fix for CVE-2009-3555 from
openssl 0.9.8l; crank minor version; ok djm@ deraadt@; initially from jsg@
Diffstat (limited to 'lib/libssl/src')
| -rw-r--r-- | lib/libssl/src/ssl/s3_lib.c | 3 | ||||
| -rw-r--r-- | lib/libssl/src/ssl/s3_pkt.c | 4 | ||||
| -rw-r--r-- | lib/libssl/src/ssl/s3_srvr.c | 8 | ||||
| -rw-r--r-- | lib/libssl/src/ssl/ssl3.h | 9 |
4 files changed, 19 insertions, 5 deletions
diff --git a/lib/libssl/src/ssl/s3_lib.c b/lib/libssl/src/ssl/s3_lib.c index 8916a0b1b3c..5aa7bb21da1 100644 --- a/lib/libssl/src/ssl/s3_lib.c +++ b/lib/libssl/src/ssl/s3_lib.c @@ -2592,6 +2592,9 @@ int ssl3_renegotiate(SSL *s) if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) return(0); + if (!(s->s3->flags & SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) + return(0); + s->s3->renegotiate=1; return(1); } diff --git a/lib/libssl/src/ssl/s3_pkt.c b/lib/libssl/src/ssl/s3_pkt.c index 9476dcddf6e..b98b84044fd 100644 --- a/lib/libssl/src/ssl/s3_pkt.c +++ b/lib/libssl/src/ssl/s3_pkt.c @@ -985,6 +985,7 @@ start: if (SSL_is_init_finished(s) && !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && + (s->s3->flags & SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) && !s->s3->renegotiate) { ssl3_renegotiate(s); @@ -1117,7 +1118,8 @@ start: if ((s->s3->handshake_fragment_len >= 4) && !s->in_handshake) { if (((s->state&SSL_ST_MASK) == SSL_ST_OK) && - !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) + !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && + (s->s3->flags & SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) { #if 0 /* worked only because C operator preferences are not as expected (and * because this is not really needed for clients except for detecting diff --git a/lib/libssl/src/ssl/s3_srvr.c b/lib/libssl/src/ssl/s3_srvr.c index 80b45eb86ff..79f3706c314 100644 --- a/lib/libssl/src/ssl/s3_srvr.c +++ b/lib/libssl/src/ssl/s3_srvr.c @@ -718,6 +718,14 @@ int ssl3_get_client_hello(SSL *s) #endif STACK_OF(SSL_CIPHER) *ciphers=NULL; + if (s->new_session + && !(s->s3->flags&SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) + { + al=SSL_AD_HANDSHAKE_FAILURE; + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); + goto f_err; + } + /* We do this so that we will respond with our native type. * If we are TLSv1 and we get SSLv3, we will respond with TLSv1, * This down switching should be handled by a different method. diff --git a/lib/libssl/src/ssl/ssl3.h b/lib/libssl/src/ssl/ssl3.h index 4b1e2e98347..a1a19cbfcbf 100644 --- a/lib/libssl/src/ssl/ssl3.h +++ b/lib/libssl/src/ssl/ssl3.h @@ -326,10 +326,11 @@ typedef struct ssl3_buffer_st #define SSL3_CT_NUMBER 7 -#define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001 -#define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002 -#define SSL3_FLAGS_POP_BUFFER 0x0004 -#define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 +#define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001 +#define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002 +#define SSL3_FLAGS_POP_BUFFER 0x0004 +#define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 +#define SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x0010 typedef struct ssl3_state_st { |