aboutsummaryrefslogtreecommitdiff
path: root/openssl/ssl/s3_srvr.c
diff options
context:
space:
mode:
authormarha <marha@users.sourceforge.net>2012-01-27 20:31:28 +0100
committermarha <marha@users.sourceforge.net>2012-01-27 20:31:28 +0100
commitc6a1477b0092762299491d79b3a8cb094c6456da (patch)
tree8458d152a6d4cecd8b2d88f3e7e6950128a53fb7 /openssl/ssl/s3_srvr.c
parenteb4c088eb71f93b9639f4ff651523d794f1433f7 (diff)
downloadvcxsrv-c6a1477b0092762299491d79b3a8cb094c6456da.tar.gz
vcxsrv-c6a1477b0092762299491d79b3a8cb094c6456da.tar.bz2
vcxsrv-c6a1477b0092762299491d79b3a8cb094c6456da.zip
update to openssl 1.0.0g
Diffstat (limited to 'openssl/ssl/s3_srvr.c')
-rw-r--r--openssl/ssl/s3_srvr.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/openssl/ssl/s3_srvr.c b/openssl/ssl/s3_srvr.c
index c3b5ff33f..d734c359f 100644
--- a/openssl/ssl/s3_srvr.c
+++ b/openssl/ssl/s3_srvr.c
@@ -258,6 +258,7 @@ int ssl3_accept(SSL *s)
}
s->init_num=0;
+ s->s3->flags &= ~SSL3_FLAGS_SGC_RESTART_DONE;
if (s->state != SSL_ST_RENEGOTIATE)
{
@@ -755,6 +756,14 @@ int ssl3_check_client_hello(SSL *s)
int ok;
long n;
+ /* We only allow the client to restart the handshake once per
+ * negotiation. */
+ if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE)
+ {
+ SSLerr(SSL_F_SSL3_CHECK_CLIENT_HELLO, SSL_R_MULTIPLE_SGC_RESTARTS);
+ return -1;
+ }
+
/* this function is called when we really expect a Certificate message,
* so permit appropriate message length */
n=s->method->ssl_get_message(s,
@@ -783,6 +792,7 @@ int ssl3_check_client_hello(SSL *s)
s->s3->tmp.ecdh = NULL;
}
#endif
+ s->s3->flags |= SSL3_FLAGS_SGC_RESTART_DONE;
return 2;
}
return 1;
@@ -2130,6 +2140,7 @@ int ssl3_get_client_key_exchange(SSL *s)
if (i <= 0)
{
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
+ BN_clear_free(pub);
goto err;
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-08 20:36:58 +0000