Bugfix: larger message size in ssl3_get_key_exchange() because

ServerKeyExchange message may be skipped. Submitted by: Petr Lampa <lampa@fee.vutbr.cz>
2024-11-24 18:43:34 +08:00 · 2001-08-07 09:30:18 +00:00 · 2001-08-07 09:30:18 +00:00 · 37a7cd1a11
commit 37a7cd1a11
parent 3a2d9c4dd0
2 changed files with 13 additions and 1 deletions
--- a/6
+++ b/6
@ -12,6 +12,12 @@
         *) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7
         +) applies to 0.9.7 only

+  *) In ssl3_get_key_exchange (ssl/s3_clnt.c), call ssl3_get_message()
+     with the same message size as in ssl3_get_certificate_request().
+     Otherwise, if no ServerKeyExchange message occurs, CertificateRequest
+     messages might inadvertently be reject as too long.
+     [Petr Lampa <lampa@fee.vutbr.cz>]
+
  +) Move SSL_OP_TLS_ROLLBACK_BUG out of the SSL_OP_ALL list of recommended
     bug workarounds. Rollback attack detection is a security feature.
     The problem will only arise on OpenSSL servers when TLSv1 is not
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@ -884,11 +884,17 @@ static int ssl3_get_key_exchange(SSL *s)
 	DH *dh=NULL;
 #endif

+	/* use same message size as in ssl3_get_certificate_request()
+	 * as ServerKeyExchange message may be skipped */
 	n=ssl3_get_message(s,
 		SSL3_ST_CR_KEY_EXCH_A,
 		SSL3_ST_CR_KEY_EXCH_B,
 		-1,
-		1024*8, /* ?? */
+#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32)
+		1024*30,  /* 30k max cert list :-) */
+#else
+		1024*100, /* 100k max cert list :-) */
+#endif
 		&ok);

 	if (!ok) return((int)n);