aboutsummaryrefslogtreecommitdiff
path: root/openssl/ssl/s3_clnt.c
diff options
context:
space:
mode:
authormarha <marha@users.sourceforge.net>2014-09-02 18:48:52 +0200
committermarha <marha@users.sourceforge.net>2014-09-02 18:48:52 +0200
commitdea8f13d8104872dec9243abe06f3d9e4c807ccd (patch)
treeb01e5b901eaca45f1e3aa2b6fddfd45ca271ee75 /openssl/ssl/s3_clnt.c
parent3293021e6f582c7348667e7638941620134525e1 (diff)
parent04168ae281bfbd714ddf6b90d98eac892508dde8 (diff)
downloadvcxsrv-dea8f13d8104872dec9243abe06f3d9e4c807ccd.tar.gz
vcxsrv-dea8f13d8104872dec9243abe06f3d9e4c807ccd.tar.bz2
vcxsrv-dea8f13d8104872dec9243abe06f3d9e4c807ccd.zip
Merge remote-tracking branch 'origin/released'
Conflicts: openssl/Makefile openssl/crypto/opensslconf.h
Diffstat (limited to 'openssl/ssl/s3_clnt.c')
-rw-r--r--openssl/ssl/s3_clnt.c24
1 files changed, 24 insertions, 0 deletions
diff --git a/openssl/ssl/s3_clnt.c b/openssl/ssl/s3_clnt.c
index 0457af878..ea0c82de4 100644
--- a/openssl/ssl/s3_clnt.c
+++ b/openssl/ssl/s3_clnt.c
@@ -510,6 +510,7 @@ int ssl3_connect(SSL *s)
s->method->ssl3_enc->client_finished_label,
s->method->ssl3_enc->client_finished_label_len);
if (ret <= 0) goto end;
+ s->s3->flags |= SSL3_FLAGS_CCS_OK;
s->state=SSL3_ST_CW_FLUSH;
/* clear flags */
@@ -901,6 +902,7 @@ int ssl3_get_server_hello(SSL *s)
{
s->session->cipher = pref_cipher ?
pref_cipher : ssl_get_cipher_by_char(s, p+j);
+ s->s3->flags |= SSL3_FLAGS_CCS_OK;
}
}
#endif /* OPENSSL_NO_TLSEXT */
@@ -952,6 +954,15 @@ int ssl3_get_server_hello(SSL *s)
SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_CIPHER_RETURNED);
goto f_err;
}
+#ifndef OPENSSL_NO_SRP
+ if (((c->algorithm_mkey & SSL_kSRP) || (c->algorithm_auth & SSL_aSRP)) &&
+ !(s->srp_ctx.srp_Mask & SSL_kSRP))
+ {
+ al=SSL_AD_ILLEGAL_PARAMETER;
+ SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_CIPHER_RETURNED);
+ goto f_err;
+ }
+#endif /* OPENSSL_NO_SRP */
p+=ssl_put_cipher_by_char(s,NULL,NULL);
sk=ssl_get_ciphers_by_id(s);
@@ -1458,6 +1469,12 @@ int ssl3_get_key_exchange(SSL *s)
p+=i;
n-=param_len;
+ if (!srp_verify_server_param(s, &al))
+ {
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SRP_PARAMETERS);
+ goto f_err;
+ }
+
/* We must check if there is a certificate */
#ifndef OPENSSL_NO_RSA
if (alg_a & SSL_aRSA)
@@ -2251,6 +2268,13 @@ int ssl3_send_client_key_exchange(SSL *s)
RSA *rsa;
unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
+ if (s->session->sess_cert == NULL)
+ {
+ /* We should always have a server certificate with SSL_kRSA. */
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
if (s->session->sess_cert->peer_rsa_tmp != NULL)
rsa=s->session->sess_cert->peer_rsa_tmp;
else