Implement known-IV countermeasure.

[openssl.git] / ssl / s3_srvr.c

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index cc2a773a3c4c5417c4b21bba3b5c0755b4e52f64..99b6a869838d603f35848008803f8528c9f75a3c 100644 (file)
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -727,7 +727,7 @@ static int ssl3_get_client_hello(SSL *s)
                SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_SPECIFIED);
                goto f_err;
                }
-       if ((i+p) > (d+n))
+       if ((p+i) >= (d+n))
                {
                /* not enough data */
                al=SSL_AD_DECODE_ERROR;
@@ -784,6 +784,13 @@ static int ssl3_get_client_hello(SSL *s)
 
        /* compression */
        i= *(p++);
+       if ((p+i) > (d+n))
+               {
+               /* not enough data */
+               al=SSL_AD_DECODE_ERROR;
+               SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH);
+               goto f_err;
+               }
        q=p;
        for (j=0; j<i; j++)
                {
@@ -831,7 +838,7 @@ static int ssl3_get_client_hello(SSL *s)
        /* TLS does not mind if there is extra stuff */
        if (s->version == SSL3_VERSION)
                {
-               if (p > (d+n))
+               if (p < (d+n))
                        {
                        /* wrong number of bytes,
                         * there could be more to follow */
@@ -1557,24 +1564,26 @@ static int ssl3_get_client_key_exchange(SSL *s)
                krb5_timestamp          authtime = 0;
                krb5_ticket_times       ttimes;
 
+               EVP_CIPHER_CTX_init(&ciph_ctx);
+
                 if (!kssl_ctx)  kssl_ctx = kssl_ctx_new();
 
                n2s(p,i);
                enc_ticket.length = i;
-               enc_ticket.data = p;
+               enc_ticket.data = (char *)p;
                p+=enc_ticket.length;
 
                n2s(p,i);
                authenticator.length = i;
-               authenticator.data = p;
+               authenticator.data = (char *)p;
                p+=authenticator.length;
 
                n2s(p,i);
                enc_pms.length = i;
-               enc_pms.data = p;
+               enc_pms.data = (char *)p;
                p+=enc_pms.length;
 
-               if ((unsigned long)n != enc_ticket.length + authenticator.length +
+               if (n != enc_ticket.length + authenticator.length +
                                                enc_pms.length + 6)
                        {
                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
@@ -1636,7 +1645,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
                        goto err;
                        }
                if (!EVP_DecryptUpdate(&ciph_ctx, pms,&outl,
-                                       enc_pms.data, enc_pms.length))
+                                       (unsigned char *)enc_pms.data, enc_pms.length))
                        {
                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
                                SSL_R_DECRYPTION_FAILED);