You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
51 lines
1.6 KiB
51 lines
1.6 KiB
diff -up openssl-1.0.1e/ssl/s3_clnt.c.ecdh-downgrade openssl-1.0.1e/ssl/s3_clnt.c |
|
--- openssl-1.0.1e/ssl/s3_clnt.c.ecdh-downgrade 2015-01-12 16:37:49.978126895 +0100 |
|
+++ openssl-1.0.1e/ssl/s3_clnt.c 2015-01-12 17:02:01.740959687 +0100 |
|
@@ -1287,6 +1287,8 @@ int ssl3_get_key_exchange(SSL *s) |
|
int encoded_pt_len = 0; |
|
#endif |
|
|
|
+ EVP_MD_CTX_init(&md_ctx); |
|
+ |
|
/* use same message size as in ssl3_get_certificate_request() |
|
* as ServerKeyExchange message may be skipped */ |
|
n=s->method->ssl_get_message(s, |
|
@@ -1297,14 +1299,26 @@ int ssl3_get_key_exchange(SSL *s) |
|
&ok); |
|
if (!ok) return((int)n); |
|
|
|
+ alg_k=s->s3->tmp.new_cipher->algorithm_mkey; |
|
+ |
|
if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) |
|
{ |
|
+ /* |
|
+ * Can't skip server key exchange if this is an ephemeral |
|
+ * ciphersuite. |
|
+ */ |
|
+ if (alg_k & (SSL_kEDH|SSL_kEECDH)) |
|
+ { |
|
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE); |
|
+ al = SSL_AD_UNEXPECTED_MESSAGE; |
|
+ goto f_err; |
|
+ } |
|
#ifndef OPENSSL_NO_PSK |
|
/* In plain PSK ciphersuite, ServerKeyExchange can be |
|
omitted if no identity hint is sent. Set |
|
session->sess_cert anyway to avoid problems |
|
later.*/ |
|
- if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK) |
|
+ if (alg_k & SSL_kPSK) |
|
{ |
|
s->session->sess_cert=ssl_sess_cert_new(); |
|
if (s->ctx->psk_identity_hint) |
|
@@ -1347,9 +1361,8 @@ int ssl3_get_key_exchange(SSL *s) |
|
} |
|
|
|
param_len=0; |
|
- alg_k=s->s3->tmp.new_cipher->algorithm_mkey; |
|
+ |
|
alg_a=s->s3->tmp.new_cipher->algorithm_auth; |
|
- EVP_MD_CTX_init(&md_ctx); |
|
|
|
#ifndef OPENSSL_NO_PSK |
|
if (alg_k & SSL_kPSK)
|
|
|