mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-07 06:42:56 +03:00

Forbid extended master secret with SSLv3

Manuel Pégourié-Gonnard
2014-10-24 15:12:31 +02:00
parent dd4592774b
commit b575b54cb9
3 changed files with 31 additions and 3 deletions


@@ -365,7 +365,8 @@ static void ssl_write_extended_ms_ext( ssl_context *ssl,
{
unsigned char *p = buf;
if( ssl->extended_ms == SSL_EXTENDED_MS_DISABLED )
if( ssl->extended_ms == SSL_EXTENDED_MS_DISABLED ||
ssl->max_minor_ver == SSL_MINOR_VERSION_0 )
{
*olen = 0;
return;
@@ -816,6 +817,7 @@ static int ssl_parse_extended_ms_ext( ssl_context *ssl,
size_t len )
{
if( ssl->extended_ms == SSL_EXTENDED_MS_DISABLED ||
ssl->minor_ver == SSL_MINOR_VERSION_0 ||
len != 0 )
{
return( POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO );
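Review bot: The client-side check in ssl_write_extended_ms_ext tests `ssl->max_minor_ver` while every other check in this commit tests `ssl->minor_ver`, and nothing in the hunk says why. Presumably the negotiated version is not yet known when the ClientHello is written, so only a client capped at SSLv3 can suppress the extension here. A client that merely permits SSLv3 still offers it and relies on the `ssl->minor_ver == SSL_MINOR_VERSION_0` rejection added to ssl_parse_extended_ms_ext if the server echoes it. I would add a comment above the condition such as `/* Version not negotiated yet: skip only if SSLv3 is the highest we offer */`. Both function bodies continue outside the hunks shown.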


@@ -648,8 +648,11 @@ static int ssl_parse_extended_ms_ext( ssl_context *ssl,
((void) buf);
if( ssl->extended_ms == SSL_EXTENDED_MS_ENABLED )
if( ssl->extended_ms == SSL_EXTENDED_MS_ENABLED &&
ssl->minor_ver != SSL_MINOR_VERSION_0 )
{
ssl->handshake->extended_ms = SSL_EXTENDED_MS_ENABLED;
}
return( 0 );
}
@@ -1686,7 +1689,8 @@ static void ssl_write_extended_ms_ext( ssl_context *ssl,
{
unsigned char *p = buf;
if( ssl->handshake->extended_ms == SSL_EXTENDED_MS_DISABLED )
if( ssl->handshake->extended_ms == SSL_EXTENDED_MS_DISABLED ||
ssl->minor_ver == SSL_MINOR_VERSION_0 )
{
*olen = 0;
return;
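Review bot: The new `ssl->minor_ver != SSL_MINOR_VERSION_0` test in the server's ssl_parse_extended_ms_ext is only meaningful if the protocol version has already been selected when ClientHello extensions are parsed, and the hunk does not state that ordering. If this parser ever ran before version selection, the decision would be made against a stale value and the session could silently end up with a different master-secret derivation than intended. A comment above the condition would pin the assumption, e.g. `/* minor_ver is already negotiated here; the extension is ignored (not rejected) for SSLv3 */`. The matching check added to ssl_write_extended_ms_ext looks redundant if `handshake->extended_ms` is set only in the parse function, which is fine as a backstop but worth stating in a comment as well; the start of the parse function and the end of the write function lie outside the hunks.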