summaryrefslogtreecommitdiff
path: root/app/openssl/ssl/s23_srvr.c
diff options
context:
space:
mode:
authorParménides GV <parmegv@sdf.org>2014-12-15 16:22:58 +0100
committerParménides GV <parmegv@sdf.org>2014-12-15 16:22:58 +0100
commit18fef7c99aa36b3e5622b3865f36d78d0879e92d (patch)
tree7a04fc87318d5008bbc1f1ac145ebb505bb5238c /app/openssl/ssl/s23_srvr.c
parent56fe0400b8983ce57112ed5a0f993985a87741c0 (diff)
parent33c5958a18599267820f73b151d8161d83f93d88 (diff)
Merge branch 'research/Test-on-Android-5-#6543' into develop
Diffstat (limited to 'app/openssl/ssl/s23_srvr.c')
-rw-r--r--app/openssl/ssl/s23_srvr.c51
1 files changed, 35 insertions, 16 deletions
diff --git a/app/openssl/ssl/s23_srvr.c b/app/openssl/ssl/s23_srvr.c
index 48778490..93ca7d53 100644
--- a/app/openssl/ssl/s23_srvr.c
+++ b/app/openssl/ssl/s23_srvr.c
@@ -127,9 +127,11 @@ static const SSL_METHOD *ssl23_get_server_method(int ver)
if (ver == SSL2_VERSION)
return(SSLv2_server_method());
#endif
+#ifndef OPENSSL_NO_SSL3
if (ver == SSL3_VERSION)
return(SSLv3_server_method());
- else if (ver == TLS1_VERSION)
+#endif
+ if (ver == TLS1_VERSION)
return(TLSv1_server_method());
else if (ver == TLS1_1_VERSION)
return(TLSv1_1_server_method());
@@ -348,23 +350,19 @@ int ssl23_get_client_hello(SSL *s)
* Client Hello message, this would be difficult, and we'd have
* to read more records to find out.
* No known SSL 3.0 client fragments ClientHello like this,
- * so we simply assume TLS 1.0 to avoid protocol version downgrade
- * attacks. */
+ * so we simply reject such connections to avoid
+ * protocol version downgrade attacks. */
if (p[3] == 0 && p[4] < 6)
{
-#if 0
SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_SMALL);
goto err;
-#else
- v[1] = TLS1_VERSION_MINOR;
-#endif
}
/* if major version number > 3 set minor to a value
* which will use the highest version 3 we support.
* If TLS 2.0 ever appears we will need to revise
* this....
*/
- else if (p[9] > SSL3_VERSION_MAJOR)
+ if (p[9] > SSL3_VERSION_MAJOR)
v[1]=0xff;
else
v[1]=p[10]; /* minor version according to client_version */
@@ -425,6 +423,9 @@ int ssl23_get_client_hello(SSL *s)
}
}
+ /* ensure that TLS_MAX_VERSION is up-to-date */
+ OPENSSL_assert(s->version <= TLS_MAX_VERSION);
+
#ifdef OPENSSL_FIPS
if (FIPS_mode() && (s->version < TLS1_VERSION))
{
@@ -444,14 +445,34 @@ int ssl23_get_client_hello(SSL *s)
v[0] = p[3]; /* == SSL3_VERSION_MAJOR */
v[1] = p[4];
+ /* An SSLv3/TLSv1 backwards-compatible CLIENT-HELLO in an SSLv2
+ * header is sent directly on the wire, not wrapped as a TLS
+ * record. It's format is:
+ * Byte Content
+ * 0-1 msg_length
+ * 2 msg_type
+ * 3-4 version
+ * 5-6 cipher_spec_length
+ * 7-8 session_id_length
+ * 9-10 challenge_length
+ * ... ...
+ */
n=((p[0]&0x7f)<<8)|p[1];
if (n > (1024*4))
{
SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_LARGE);
goto err;
}
+ if (n < 9)
+ {
+ SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_LENGTH_MISMATCH);
+ goto err;
+ }
j=ssl23_read_bytes(s,n+2);
+ /* We previously read 11 bytes, so if j > 0, we must have
+ * j == n+2 == s->packet_length. We have at least 11 valid
+ * packet bytes. */
if (j <= 0) return(j);
ssl3_finish_mac(s, s->packet+2, s->packet_length-2);
@@ -581,6 +602,12 @@ int ssl23_get_client_hello(SSL *s)
if ((type == 2) || (type == 3))
{
/* we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style) */
+ s->method = ssl23_get_server_method(s->version);
+ if (s->method == NULL)
+ {
+ SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
+ goto err;
+ }
if (!ssl_init_wbio_buffer(s,1)) goto err;
@@ -608,14 +635,6 @@ int ssl23_get_client_hello(SSL *s)
s->s3->rbuf.left=0;
s->s3->rbuf.offset=0;
}
- if (s->version == TLS1_2_VERSION)
- s->method = TLSv1_2_server_method();
- else if (s->version == TLS1_1_VERSION)
- s->method = TLSv1_1_server_method();
- else if (s->version == TLS1_VERSION)
- s->method = TLSv1_server_method();
- else
- s->method = SSLv3_server_method();
#if 0 /* ssl3_get_client_hello does this */
s->client_version=(v[0]<<8)|v[1];
#endif