mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-25 15:55:37 +01:00
Fix verion-major intolerance
This commit is contained in:
parent
c9093085ed
commit
6b1e207081
@ -19,6 +19,7 @@ Bugfix
|
|||||||
statistics
|
statistics
|
||||||
* Fix buf in RSA PKCS#1 v1.5 "reversed" operations
|
* Fix buf in RSA PKCS#1 v1.5 "reversed" operations
|
||||||
* Fixed testing with out-of-source builds using cmake
|
* Fixed testing with out-of-source builds using cmake
|
||||||
|
* Fixed version-major intolerance in server
|
||||||
|
|
||||||
= PolarSSL 1.3.4 released on 2014-01-27
|
= PolarSSL 1.3.4 released on 2014-01-27
|
||||||
Features
|
Features
|
||||||
|
@ -1071,15 +1071,20 @@ static int ssl_parse_client_hello( ssl_context *ssl )
|
|||||||
buf[1], buf[2] ) );
|
buf[1], buf[2] ) );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* SSLv3 Client Hello
|
* SSLv3/TLS Client Hello
|
||||||
*
|
*
|
||||||
* Record layer:
|
* Record layer:
|
||||||
* 0 . 0 message type
|
* 0 . 0 message type
|
||||||
* 1 . 2 protocol version
|
* 1 . 2 protocol version
|
||||||
* 3 . 4 message length
|
* 3 . 4 message length
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
/* According to RFC 5246 Appendix E.1, the version here is typically
|
||||||
|
* "{03,00}, the lowest version number supported by the client, [or] the
|
||||||
|
* value of ClientHello.client_version", so the only meaningful check here
|
||||||
|
* is the major version shouldn't be less than 3 */
|
||||||
if( buf[0] != SSL_MSG_HANDSHAKE ||
|
if( buf[0] != SSL_MSG_HANDSHAKE ||
|
||||||
buf[1] != SSL_MAJOR_VERSION_3 )
|
buf[1] < SSL_MAJOR_VERSION_3 )
|
||||||
{
|
{
|
||||||
SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
|
SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
|
||||||
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
|
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
|
||||||
@ -1134,21 +1139,24 @@ static int ssl_parse_client_hello( ssl_context *ssl )
|
|||||||
/*
|
/*
|
||||||
* Check the handshake type and protocol version
|
* Check the handshake type and protocol version
|
||||||
*/
|
*/
|
||||||
if( buf[0] != SSL_HS_CLIENT_HELLO ||
|
if( buf[0] != SSL_HS_CLIENT_HELLO )
|
||||||
buf[4] != SSL_MAJOR_VERSION_3 )
|
|
||||||
{
|
{
|
||||||
SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
|
SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
|
||||||
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
|
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
|
||||||
}
|
}
|
||||||
|
|
||||||
ssl->major_ver = SSL_MAJOR_VERSION_3;
|
ssl->major_ver = buf[4];
|
||||||
ssl->minor_ver = ( buf[5] <= ssl->max_minor_ver )
|
ssl->minor_ver = buf[5];
|
||||||
? buf[5] : ssl->max_minor_ver;
|
|
||||||
|
|
||||||
if( ssl->minor_ver < ssl->min_minor_ver )
|
ssl->handshake->max_major_ver = ssl->major_ver;
|
||||||
|
ssl->handshake->max_minor_ver = ssl->minor_ver;
|
||||||
|
|
||||||
|
if( ssl->major_ver < ssl->min_major_ver ||
|
||||||
|
ssl->minor_ver < ssl->min_minor_ver )
|
||||||
{
|
{
|
||||||
SSL_DEBUG_MSG( 1, ( "client only supports ssl smaller than minimum"
|
SSL_DEBUG_MSG( 1, ( "client only supports ssl smaller than minimum"
|
||||||
" [%d:%d] < [%d:%d]", ssl->major_ver, ssl->minor_ver,
|
" [%d:%d] < [%d:%d]",
|
||||||
|
ssl->major_ver, ssl->minor_ver,
|
||||||
ssl->min_major_ver, ssl->min_minor_ver ) );
|
ssl->min_major_ver, ssl->min_minor_ver ) );
|
||||||
|
|
||||||
ssl_send_alert_message( ssl, SSL_ALERT_LEVEL_FATAL,
|
ssl_send_alert_message( ssl, SSL_ALERT_LEVEL_FATAL,
|
||||||
@ -1157,8 +1165,13 @@ static int ssl_parse_client_hello( ssl_context *ssl )
|
|||||||
return( POLARSSL_ERR_SSL_BAD_HS_PROTOCOL_VERSION );
|
return( POLARSSL_ERR_SSL_BAD_HS_PROTOCOL_VERSION );
|
||||||
}
|
}
|
||||||
|
|
||||||
ssl->handshake->max_major_ver = buf[4];
|
if( ssl->major_ver > ssl->max_major_ver )
|
||||||
ssl->handshake->max_minor_ver = buf[5];
|
{
|
||||||
|
ssl->major_ver = ssl->max_major_ver;
|
||||||
|
ssl->minor_ver = ssl->max_minor_ver;
|
||||||
|
}
|
||||||
|
else if( ssl->minor_ver > ssl->max_minor_ver )
|
||||||
|
ssl->minor_ver = ssl->max_minor_ver;
|
||||||
|
|
||||||
memcpy( ssl->handshake->randbytes, buf + 6, 32 );
|
memcpy( ssl->handshake->randbytes, buf + 6, 32 );
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user