Make sure that SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG can't

enable disabled ciphersuites.

Make sure that SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG can't
enable disabled ciphersuites.
837f2fc7 · Bodo Möller · 1a489c9a · 837f2fc7 · 837f2fc7
隐藏空白更改
内联并排

Showing with 28 addition and 13 deletion

CHANGES CHANGES +10 -1

ssl/s3_srvr.c ssl/s3_srvr.c +18 -12

未找到文件。
--- a/CHANGES
+++ b/CHANGES
@@ -2,7 +2,7 @@
 OpenSSL CHANGES
 _______________

- Changes between 0.9.8i and 0.9.9  [xx XXX xxxx]
+ Changes between 0.9.8j and 0.9.9  [xx XXX xxxx]

  *) Delta CRL support. New use deltas option which will attempt to locate
     and search any appropriate delta CRLs available.
@@ -703,6 +703,15 @@
  *) Change 'Configure' script to enable Camellia by default.
     [NTT]

+ Changes between 0.9.8i and 0.9.8j  [xx XXX xxxx]
+
+  *) Change the server-side SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG behavior
+     to ensure that even with this option, only ciphersuites in the
+     server's preference list will be accepted.  (Note that the option
+     applies only when resuming a session, so the earlier behavior was
+     just about the algorithm choice for symmetric cryptography.)
+     [Bodo Moeller]
+
 Changes between 0.9.8h and 0.9.8i  [15 Sep 2008]

  *) Fix a state transitition in s3_srvr.c and d1_srvr.c

--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -947,22 +947,28 @@ int ssl3_get_client_hello(SSL *s)
 				break;
 				}
 			}
-		if (j == 0)
+		if (j == 0 && (s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1))
 			{
-			if ((s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1))
+			/* Special case as client bug workaround: the previously used cipher may
+			 * not be in the current list, the client instead might be trying to
+			 * continue using a cipher that before wasn't chosen due to server
+			 * preferences.  We'll have to reject the connection if the cipher is not
+			 * enabled, though. */
+			c = sk_SSL_CIPHER_value(ciphers, 0);
+			if (sk_SSL_CIPHER_find(SSL_get_ciphers(s), c) >= 0)
 				{
-				/* Very bad for multi-threading.... */
-				s->session->cipher=sk_SSL_CIPHER_value(ciphers, 0);
-				}
-			else
-				{
-				/* we need to have the cipher in the cipher
-				 * list if we are asked to reuse it */
-				al=SSL_AD_ILLEGAL_PARAMETER;
-				SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_REQUIRED_CIPHER_MISSING);
-				goto f_err;
+				s->session->cipher = c;
+				j = 1;
 				}
 			}
+		if (j == 0)
+			{
+			/* we need to have the cipher in the cipher
+			 * list if we are asked to reuse it */
+			al=SSL_AD_ILLEGAL_PARAMETER;
+			SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_REQUIRED_CIPHER_MISSING);
+			goto f_err;
+			}
 		}

 	/* compression */