diff options
| -rw-r--r-- | lib/libssl/s3_clnt.c | 3 | ||||
| -rw-r--r-- | lib/libssl/s3_pkt.c | 8 | ||||
| -rw-r--r-- | lib/libssl/s3_srvr.c | 7 | ||||
| -rw-r--r-- | lib/libssl/ssl3.h | 1 |
4 files changed, 16 insertions, 3 deletions
diff --git a/lib/libssl/s3_clnt.c b/lib/libssl/s3_clnt.c index 66fb26345ec..60a17ce11b9 100644 --- a/lib/libssl/s3_clnt.c +++ b/lib/libssl/s3_clnt.c @@ -556,7 +556,7 @@ ssl3_connect(SSL *s) case SSL3_ST_CR_FINISHED_A: case SSL3_ST_CR_FINISHED_B: - + s->s3->flags |= SSL3_FLAGS_CCS_OK; ret = ssl3_get_finished(s, SSL3_ST_CR_FINISHED_A, SSL3_ST_CR_FINISHED_B); if (ret <= 0) @@ -895,6 +895,7 @@ ssl3_get_server_hello(SSL *s) SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT); goto f_err; } + s->s3->flags |= SSL3_FLAGS_CCS_OK; s->hit = 1; } else { /* a miss or crap from the other end */ diff --git a/lib/libssl/s3_pkt.c b/lib/libssl/s3_pkt.c index f8f31f2a4aa..58d8221fe4c 100644 --- a/lib/libssl/s3_pkt.c +++ b/lib/libssl/s3_pkt.c @@ -1209,6 +1209,14 @@ start: goto f_err; } + /* Check that we should be receiving a Change Cipher Spec. */ + if (!(s->s3->flags & SSL3_FLAGS_CCS_OK)) { + al = SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_CCS_RECEIVED_EARLY); + goto f_err; + } + s->s3->flags &= ~SSL3_FLAGS_CCS_OK; + rr->length = 0; if (s->msg_callback) { diff --git a/lib/libssl/s3_srvr.c b/lib/libssl/s3_srvr.c index 948569a156e..552f8290b5f 100644 --- a/lib/libssl/s3_srvr.c +++ b/lib/libssl/s3_srvr.c @@ -635,6 +635,7 @@ ssl3_accept(SSL *s) case SSL3_ST_SR_CERT_VRFY_A: case SSL3_ST_SR_CERT_VRFY_B: + s->s3->flags |= SSL3_FLAGS_CCS_OK; /* we should decide if we expected this one */ ret = ssl3_get_cert_verify(s); @@ -665,6 +666,7 @@ ssl3_accept(SSL *s) case SSL3_ST_SR_FINISHED_A: case SSL3_ST_SR_FINISHED_B: + s->s3->flags |= SSL3_FLAGS_CCS_OK; ret = ssl3_get_finished(s, SSL3_ST_SR_FINISHED_A, SSL3_ST_SR_FINISHED_B); if (ret <= 0) @@ -735,10 +737,11 @@ ssl3_accept(SSL *s) #ifdef OPENSSL_NO_NEXTPROTONEG s->s3->tmp.next_state = SSL3_ST_SR_FINISHED_A; #else - if (s->s3->next_proto_neg_seen) + if (s->s3->next_proto_neg_seen) { + s->s3->flags |= SSL3_FLAGS_CCS_OK; s->s3->tmp.next_state = SSL3_ST_SR_NEXT_PROTO_A; - else + } else s->s3->tmp.next_state = SSL3_ST_SR_FINISHED_A; #endif diff --git a/lib/libssl/ssl3.h b/lib/libssl/ssl3.h index 1d2bc2f5c01..8444ccb57dd 100644 --- a/lib/libssl/ssl3.h +++ b/lib/libssl/ssl3.h @@ -370,6 +370,7 @@ typedef struct ssl3_buffer_st { #define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 #define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010 #define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020 +#define SSL3_FLAGS_CCS_OK 0x0080 /* SSL3_FLAGS_SGC_RESTART_DONE is set when we * restart a handshake because of MS SGC and so prevents us |