diff options
| author | Bodo Möller <bodo@openssl.org> | 2002-04-13 22:47:20 +0000 |
|---|---|---|
| committer | Bodo Möller <bodo@openssl.org> | 2002-04-13 22:47:20 +0000 |
| commit | 82b0bf0b8792bdc113cadc04a1f9d40f0e0cfbfc (patch) | |
| tree | 708f5e5cb06a863a90c9742071bae98310b5b980 /ssl/s3_lib.c | |
| parent | 3a7cef3e76aae1ef0d03f50b9e7ebcdf41b30c90 (diff) | |
Implement known-IV countermeasure.
Fix length checks in ssl3_get_client_hello().
Use s->s3->in_read_app_data differently to fix ssl3_read_internal().
Diffstat (limited to 'ssl/s3_lib.c')
| -rw-r--r-- | ssl/s3_lib.c | 18 |
1 files changed, 11 insertions, 7 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 4ccc70b061..686992406c 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -994,6 +994,7 @@ void ssl3_free(SSL *s) void ssl3_clear(SSL *s) { unsigned char *rp,*wp; + size_t rlen, wlen; ssl3_cleanup_key_block(s); if (s->s3->tmp.ca_names != NULL) @@ -1009,15 +1010,19 @@ void ssl3_clear(SSL *s) DH_free(s->s3->tmp.dh); #endif - rp=s->s3->rbuf.buf; - wp=s->s3->wbuf.buf; + rp = s->s3->rbuf.buf; + wp = s->s3->wbuf.buf; + rlen = s->s3->rbuf.len; + wlen = s->s3->wbuf.len; EVP_MD_CTX_cleanup(&s->s3->finish_dgst1); EVP_MD_CTX_cleanup(&s->s3->finish_dgst2); memset(s->s3,0,sizeof *s->s3); - if (rp != NULL) s->s3->rbuf.buf=rp; - if (wp != NULL) s->s3->wbuf.buf=wp; + s->s3->rbuf.buf = rp; + s->s3->wbuf.buf = wp; + s->s3->rbuf.len = rlen; + s->s3->wbuf.len = wlen; ssl_free_wbio_buffer(s); @@ -1609,13 +1614,12 @@ static int ssl3_read_internal(SSL *s, void *buf, int len, int peek) if (s->s3->renegotiate) ssl3_renegotiate_check(s); s->s3->in_read_app_data=1; ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek); - if ((ret == -1) && (s->s3->in_read_app_data == 0)) + if ((ret == -1) && (s->s3->in_read_app_data == 2)) { /* ssl3_read_bytes decided to call s->handshake_func, which * called ssl3_read_bytes to read handshake data. * However, ssl3_read_bytes actually found application data - * and thinks that application data makes sense here (signalled - * by resetting 'in_read_app_data', strangely); so disable + * and thinks that application data makes sense here; so disable * handshake processing and try to read application data again. */ s->in_handshake++; ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek); |