diff options
author | marha <marha@users.sourceforge.net> | 2014-09-02 18:48:52 +0200 |
---|---|---|
committer | marha <marha@users.sourceforge.net> | 2014-09-02 18:48:52 +0200 |
commit | dea8f13d8104872dec9243abe06f3d9e4c807ccd (patch) | |
tree | b01e5b901eaca45f1e3aa2b6fddfd45ca271ee75 /openssl/ssl/s3_clnt.c | |
parent | 3293021e6f582c7348667e7638941620134525e1 (diff) | |
parent | 04168ae281bfbd714ddf6b90d98eac892508dde8 (diff) | |
download | vcxsrv-dea8f13d8104872dec9243abe06f3d9e4c807ccd.tar.gz vcxsrv-dea8f13d8104872dec9243abe06f3d9e4c807ccd.tar.bz2 vcxsrv-dea8f13d8104872dec9243abe06f3d9e4c807ccd.zip |
Merge remote-tracking branch 'origin/released'
Conflicts:
openssl/Makefile
openssl/crypto/opensslconf.h
Diffstat (limited to 'openssl/ssl/s3_clnt.c')
-rw-r--r-- | openssl/ssl/s3_clnt.c | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/openssl/ssl/s3_clnt.c b/openssl/ssl/s3_clnt.c index 0457af878..ea0c82de4 100644 --- a/openssl/ssl/s3_clnt.c +++ b/openssl/ssl/s3_clnt.c @@ -510,6 +510,7 @@ int ssl3_connect(SSL *s) s->method->ssl3_enc->client_finished_label, s->method->ssl3_enc->client_finished_label_len); if (ret <= 0) goto end; + s->s3->flags |= SSL3_FLAGS_CCS_OK; s->state=SSL3_ST_CW_FLUSH; /* clear flags */ @@ -901,6 +902,7 @@ int ssl3_get_server_hello(SSL *s) { s->session->cipher = pref_cipher ? pref_cipher : ssl_get_cipher_by_char(s, p+j); + s->s3->flags |= SSL3_FLAGS_CCS_OK; } } #endif /* OPENSSL_NO_TLSEXT */ @@ -952,6 +954,15 @@ int ssl3_get_server_hello(SSL *s) SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_CIPHER_RETURNED); goto f_err; } +#ifndef OPENSSL_NO_SRP + if (((c->algorithm_mkey & SSL_kSRP) || (c->algorithm_auth & SSL_aSRP)) && + !(s->srp_ctx.srp_Mask & SSL_kSRP)) + { + al=SSL_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_CIPHER_RETURNED); + goto f_err; + } +#endif /* OPENSSL_NO_SRP */ p+=ssl_put_cipher_by_char(s,NULL,NULL); sk=ssl_get_ciphers_by_id(s); @@ -1458,6 +1469,12 @@ int ssl3_get_key_exchange(SSL *s) p+=i; n-=param_len; + if (!srp_verify_server_param(s, &al)) + { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SRP_PARAMETERS); + goto f_err; + } + /* We must check if there is a certificate */ #ifndef OPENSSL_NO_RSA if (alg_a & SSL_aRSA) @@ -2251,6 +2268,13 @@ int ssl3_send_client_key_exchange(SSL *s) RSA *rsa; unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; + if (s->session->sess_cert == NULL) + { + /* We should always have a server certificate with SSL_kRSA. */ + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR); + goto err; + } + if (s->session->sess_cert->peer_rsa_tmp != NULL) rsa=s->session->sess_cert->peer_rsa_tmp; else |