diff options
| author | Bodo Möller <bodo@openssl.org> | 1999-08-18 17:14:42 +0000 |
|---|---|---|
| committer | Bodo Möller <bodo@openssl.org> | 1999-08-18 17:14:42 +0000 |
| commit | de1915e48c0be56fadf7c7f1987536e1522df275 (patch) | |
| tree | b6ee009a7e1ec756162cd5f4e50761ca1fe57e2d /ssl/s23_srvr.c | |
| parent | 6e4a3b5529613d2d0f4ae246f4f8fd7d2b8aa536 (diff) | |
| download | openssl-de1915e48c0be56fadf7c7f1987536e1522df275.zip openssl-de1915e48c0be56fadf7c7f1987536e1522df275.tar.gz openssl-de1915e48c0be56fadf7c7f1987536e1522df275.tar.bz2 | |
Fix horrible (and hard to track down) bug in ssl23_get_client_hello:
In case of a restart, v[0] and v[1] were incorrectly initialised.
This was interpreted by ssl3_get_client_key_exchange as an RSA decryption
failure (don't ask me why) and caused it to create a _random_ master key
instead (even weirder), which obviously led to incorrect input to
ssl3_generate_master_secret and thus caused "block cipher pad is
wrong" error messages from ssl3_enc for the client's Finished message.
Arrgh.
Diffstat (limited to 'ssl/s23_srvr.c')
| -rw-r--r-- | ssl/s23_srvr.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c index e4122f2..1a9e5fd 100644 --- a/ssl/s23_srvr.c +++ b/ssl/s23_srvr.c @@ -195,10 +195,11 @@ int ssl23_get_client_hello(SSL *s) int type=0,use_sslv2_strong=0; int v[2]; - /* read the initial header */ - v[0]=v[1]=0; if (s->state == SSL23_ST_SR_CLNT_HELLO_A) { + /* read the initial header */ + v[0]=v[1]=0; + if (!ssl3_setup_buffers(s)) goto err; n=ssl23_read_bytes(s,7); @@ -244,6 +245,7 @@ int ssl23_get_client_hello(SSL *s) type=1; if (s->options & SSL_OP_NON_EXPORT_FIRST) + /* not only confusing, but broken! */ { STACK_OF(SSL_CIPHER) *sk; SSL_CIPHER *c; @@ -337,6 +339,8 @@ next_bit: /* we have a SSLv3/TLSv1 in a SSLv2 header */ type=2; p=s->packet; + v[0] = p[3]; + v[1] = p[4]; n=((p[0]&0x7f)<<8)|p[1]; if (n > (1024*4)) { |