Bugfix: larger message size in ssl3_get_key_exchange() because

ServerKeyExchange message may be skipped.

Submitted by:  Petr Lampa <lampa@fee.vutbr.cz>

diff --git a/CHANGES b/CHANGES
index 488ad3db06a6795cb8eb41043aeddb5916be8b6b..c969141757f078f83a832bbde193b9a869c17f18 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -12,6 +12,12 @@
          *) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7
          +) applies to 0.9.7 only
 
+  *) In ssl3_get_key_exchange (ssl/s3_clnt.c), call ssl3_get_message()
+     with the same message size as in ssl3_get_certificate_request().
+     Otherwise, if no ServerKeyExchange message occurs, CertificateRequest
+     messages might inadvertently be reject as too long.
+     [Petr Lampa <lampa@fee.vutbr.cz>]
+
   +) Move SSL_OP_TLS_ROLLBACK_BUG out of the SSL_OP_ALL list of recommended
      bug workarounds. Rollback attack detection is a security feature.
      The problem will only arise on OpenSSL servers when TLSv1 is not

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index f93f2772d63c93896c39ec10d985280f0b71ca4a..18133f3da5ae7fd9c7a53d3db13f33e0f2468ccf 100644 (file)
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -884,11 +884,17 @@ static int ssl3_get_key_exchange(SSL *s)
        DH *dh=NULL;
 #endif
 
+       /* use same message size as in ssl3_get_certificate_request()
+        * as ServerKeyExchange message may be skipped */
        n=ssl3_get_message(s,
                SSL3_ST_CR_KEY_EXCH_A,
                SSL3_ST_CR_KEY_EXCH_B,
                -1,
-               1024*8, /* ?? */
+#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32)
+               1024*30,  /* 30k max cert list :-) */
+#else
+               1024*100, /* 100k max cert list :-) */
+#endif
                &ok);
 
        if (!ok) return((int)n);