Skip to content
GitLab
Menu
Projects
Groups
Snippets
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
Menu
Open sidebar
BC
public
external
mbedtls
Commits
6b1e2070
Commit
6b1e2070
authored
Feb 12, 2014
by
Manuel Pégourié-Gonnard
Browse files
Fix verion-major intolerance
parent
c9093085
Changes
2
Hide whitespace changes
Inline
Side-by-side
ChangeLog
View file @
6b1e2070
...
...
@@ -19,6 +19,7 @@ Bugfix
statistics
* Fix buf in RSA PKCS#1 v1.5 "reversed" operations
* Fixed testing with out-of-source builds using cmake
* Fixed version-major intolerance in server
= PolarSSL 1.3.4 released on 2014-01-27
Features
...
...
library/ssl_srv.c
View file @
6b1e2070
...
...
@@ -1071,15 +1071,20 @@ static int ssl_parse_client_hello( ssl_context *ssl )
buf
[
1
],
buf
[
2
]
)
);
/*
* SSLv3 Client Hello
* SSLv3
/TLS
Client Hello
*
* Record layer:
* 0 . 0 message type
* 1 . 2 protocol version
* 3 . 4 message length
*/
/* According to RFC 5246 Appendix E.1, the version here is typically
* "{03,00}, the lowest version number supported by the client, [or] the
* value of ClientHello.client_version", so the only meaningful check here
* is the major version shouldn't be less than 3 */
if
(
buf
[
0
]
!=
SSL_MSG_HANDSHAKE
||
buf
[
1
]
!=
SSL_MAJOR_VERSION_3
)
buf
[
1
]
<
SSL_MAJOR_VERSION_3
)
{
SSL_DEBUG_MSG
(
1
,
(
"bad client hello message"
)
);
return
(
POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO
);
...
...
@@ -1134,21 +1139,24 @@ static int ssl_parse_client_hello( ssl_context *ssl )
/*
* Check the handshake type and protocol version
*/
if
(
buf
[
0
]
!=
SSL_HS_CLIENT_HELLO
||
buf
[
4
]
!=
SSL_MAJOR_VERSION_3
)
if
(
buf
[
0
]
!=
SSL_HS_CLIENT_HELLO
)
{
SSL_DEBUG_MSG
(
1
,
(
"bad client hello message"
)
);
return
(
POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO
);
}
ssl
->
major_ver
=
SSL_MAJOR_VERSION_3
;
ssl
->
minor_ver
=
(
buf
[
5
]
<=
ssl
->
max_minor_ver
)
?
buf
[
5
]
:
ssl
->
max_minor_ver
;
ssl
->
major_ver
=
buf
[
4
];
ssl
->
minor_ver
=
buf
[
5
];
if
(
ssl
->
minor_ver
<
ssl
->
min_minor_ver
)
ssl
->
handshake
->
max_major_ver
=
ssl
->
major_ver
;
ssl
->
handshake
->
max_minor_ver
=
ssl
->
minor_ver
;
if
(
ssl
->
major_ver
<
ssl
->
min_major_ver
||
ssl
->
minor_ver
<
ssl
->
min_minor_ver
)
{
SSL_DEBUG_MSG
(
1
,
(
"client only supports ssl smaller than minimum"
" [%d:%d] < [%d:%d]"
,
ssl
->
major_ver
,
ssl
->
minor_ver
,
" [%d:%d] < [%d:%d]"
,
ssl
->
major_ver
,
ssl
->
minor_ver
,
ssl
->
min_major_ver
,
ssl
->
min_minor_ver
)
);
ssl_send_alert_message
(
ssl
,
SSL_ALERT_LEVEL_FATAL
,
...
...
@@ -1157,8 +1165,13 @@ static int ssl_parse_client_hello( ssl_context *ssl )
return
(
POLARSSL_ERR_SSL_BAD_HS_PROTOCOL_VERSION
);
}
ssl
->
handshake
->
max_major_ver
=
buf
[
4
];
ssl
->
handshake
->
max_minor_ver
=
buf
[
5
];
if
(
ssl
->
major_ver
>
ssl
->
max_major_ver
)
{
ssl
->
major_ver
=
ssl
->
max_major_ver
;
ssl
->
minor_ver
=
ssl
->
max_minor_ver
;
}
else
if
(
ssl
->
minor_ver
>
ssl
->
max_minor_ver
)
ssl
->
minor_ver
=
ssl
->
max_minor_ver
;
memcpy
(
ssl
->
handshake
->
randbytes
,
buf
+
6
,
32
);
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment