7 files changed, 47 insertions, 25 deletions

diff --git a/src/lib/mac/hmac/hmac.cpp b/src/lib/mac/hmac/hmac.cpp
index 244946d88..532c98274 100644
--- a/src/lib/mac/hmac/hmac.cpp
+++ b/src/lib/mac/hmac/hmac.cpp
@@ -32,6 +32,12 @@ void HMAC::final_result(uint8_t mac[])
    m_hash->update(m_ikey);
    }
 
+Key_Length_Specification HMAC::key_spec() const
+   {
+   // Support very long lengths for things like PBKDF2 and the TLS PRF
+   return Key_Length_Specification(0, 4096);
+   }
+
 /*
 * HMAC Key Schedule
 */
diff --git a/src/lib/mac/hmac/hmac.h b/src/lib/mac/hmac/hmac.h
index 253184895..800159432 100644
--- a/src/lib/mac/hmac/hmac.h
+++ b/src/lib/mac/hmac/hmac.h
@@ -25,11 +25,7 @@ class BOTAN_PUBLIC_API(2,0) HMAC final : public MessageAuthenticationCode
 
       size_t output_length() const override { return m_hash->output_length(); }
 
-      Key_Length_Specification key_spec() const override
-         {
-         // Absurd max length here is to support PBKDF2
-         return Key_Length_Specification(0, 512);
-         }
+      Key_Length_Specification key_spec() const override;
 
       /**
       * @param hash the hash to use for HMACing
diff --git a/src/lib/pubkey/dl_group/dl_named.cpp b/src/lib/pubkey/dl_group/dl_named.cpp
index fc5cf4fd2..675098406 100644
--- a/src/lib/pubkey/dl_group/dl_named.cpp
+++ b/src/lib/pubkey/dl_group/dl_named.cpp
@@ -395,23 +395,28 @@ std::string DL_Group::PEM_for_named_group(const std::string& name)
    if(name == "ffdhe/ietf/4096")
       return
          "-----BEGIN DSA PARAMETERS-----"
-         "MIIDDAKCAYEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz"
+         "MIIEDAKCAgEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz"
          "+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a"
          "87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7"
          "YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi"
          "7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD"
          "ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3"
          "7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32"
-         "nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZsYu"
-         "N///////////AoIBgH//////////1vwqLFFdpU1X7isQE56eeOxc4sHnFptK1PCb"
-         "IIoyGf3mSc7nEk2ffL6X8bGxhjrse0DZAVdiML1p749q6v6ysJIZ+o+vgzdoQrGy"
-         "qp72jXnaq4mvP6vkmswnhjhwc0W78VNE7Xn39DkO+KxQm1bzmphWZSekHTy9XgVY"
-         "wVmSfbDohFSl2WRx/dy1bVuwa/o0DqehUe8cpvpXK3bzsbldjIWD0+R3BTa4TwF+"
-         "cOb78XZgGgJmlBoXsMi5f050wsH/xyeJGXd5QMHh/x2NpjfWuZ3a/l4XYRAC4sd4"
-         "wb6LQdljeaUTYNl3/UQ1oRwwj+fubxqtnbKMga3eGnpvfM4BHDDaN+Trc2SDvWyO"
-         "k0j7+/csxlh9YMNsjld/CYTCick4WgmGSd4hvKJ6fqIpcWum6bJ5cQ84+qX/rldB"
-         "Vc5O+090NpXikRsdBtXikMvNhvVtDt/NIWriJCcFXmg1/Snu954NkHcf6s6+EvIO"
-         "lbNjFxv//////////wIBAg=="
+         "nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZp4e"
+         "8W5vUsMWTfT7eTDp5OWIV7asfV9C1p9tGHdjzx1VA0AEh/VbpX4xzHpxNciG77Qx"
+         "iu1qHgEtnmgyqQdgCpGBMMRtx3j5ca0AOAkpmaMzy4t6Gh25PXFAADwqTs6p+Y0K"
+         "zAqCkc3OyX3Pjsm1Wn+IpGtNtahR9EGC4caKAH5eZV9q//////////8CggIAf///"
+         "///////W/CosUV2lTVfuKxATnp547FziwecWm0rU8JsgijIZ/eZJzucSTZ98vpfx"
+         "sbGGOux7QNkBV2IwvWnvj2rq/rKwkhn6j6+DN2hCsbKqnvaNedqria8/q+SazCeG"
+         "OHBzRbvxU0Tteff0OQ74rFCbVvOamFZlJ6QdPL1eBVjBWZJ9sOiEVKXZZHH93LVt"
+         "W7Br+jQOp6FR7xym+lcrdvOxuV2MhYPT5HcFNrhPAX5w5vvxdmAaAmaUGhewyLl/"
+         "TnTCwf/HJ4kZd3lAweH/HY2mN9a5ndr+XhdhEALix3jBvotB2WN5pRNg2Xf9RDWh"
+         "HDCP5+5vGq2dsoyBrd4aem98zgEcMNo35OtzZIO9bI6TSPv79yzGWH1gw2yOV38J"
+         "hMKJyThaCYZJ3iG8onp+oilxa6bpsnlxDzj6pf+uV0FVzk77T3Q2leKRGx0G1eKQ"
+         "y82G9W0O380hauIkJwVeaDX9Ke73ng2Qdx/qzr4S8g6Vs08PeLc3qWGLJvp9vJh0"
+         "8nLEK9tWPq+ha0+2jDux546qgaACQ/qt0r8Y5j04muRDd9oYxXa1DwCWzzQZVIOw"
+         "BUjAmGI247x8uNaAHASUzNGZ5cW9DQ7cnrigAB4VJ2dU/MaFZgVBSObnZL7nx2Ta"
+         "rT/EUjWm2tQo+iDBcONFAD8vMq+1f/////////8CAQI="
          "-----END DSA PARAMETERS-----";
 
    if(name == "ffdhe/ietf/6144")
diff --git a/src/lib/tls/msg_client_kex.cpp b/src/lib/tls/msg_client_kex.cpp
index 742fee6b5..51040e479 100644
--- a/src/lib/tls/msg_client_kex.cpp
+++ b/src/lib/tls/msg_client_kex.cpp
@@ -403,17 +403,21 @@ Client_Key_Exchange::Client_Key_Exchange(const std::vector<uint8_t>& contents,
             throw Internal_Error("Expected key agreement key type but got " +
                                  private_key.algo_name());
 
+         std::vector<uint8_t> client_pubkey;
+
+         if(ka_key->algo_name() == "DH")
+            {
+            client_pubkey = reader.get_range<uint8_t>(2, 0, 65535);
+            }
+         else
+            {
+            client_pubkey = reader.get_range<uint8_t>(1, 1, 255);
+            }
+
          try
             {
             PK_Key_Agreement ka(*ka_key, rng, "Raw");
 
-            std::vector<uint8_t> client_pubkey;
-
-            if(ka_key->algo_name() == "DH")
-               client_pubkey = reader.get_range<uint8_t>(2, 0, 65535);
-            else
-               client_pubkey = reader.get_range<uint8_t>(1, 0, 255);
-
             secure_vector<uint8_t> shared_secret = ka.derive_key(0, client_pubkey).bits_of();
 
             if(ka_key->algo_name() == "DH")
diff --git a/src/lib/tls/tls_client.cpp b/src/lib/tls/tls_client.cpp
index ce19f04c9..0e620a279 100644
--- a/src/lib/tls/tls_client.cpp
+++ b/src/lib/tls/tls_client.cpp
@@ -330,7 +330,13 @@ void Client::process_handshake_msg(const Handshake_State* active_state,
          if(state.version() > state.client_hello()->version())
             {
             throw TLS_Exception(Alert::HANDSHAKE_FAILURE,
-                                "Server replied with later version than in hello");
+                                "Server replied with later version than client offered");
+            }
+
+         if(state.version().major_version() == 3 && state.version().minor_version() == 0)
+            {
+            throw TLS_Exception(Alert::PROTOCOL_VERSION,
+                                "Server attempting to negotiate SSLv3 which is not supported");
             }
 
          if(!policy().acceptable_protocol_version(state.version()))
diff --git a/src/lib/tls/tls_extensions.cpp b/src/lib/tls/tls_extensions.cpp
index 8f13b2c6d..d521f6bf8 100644
--- a/src/lib/tls/tls_extensions.cpp
+++ b/src/lib/tls/tls_extensions.cpp
@@ -586,7 +586,7 @@ Signature_Algorithms::Signature_Algorithms(TLS_Data_Reader& reader,
    {
    uint16_t len = reader.get_uint16_t();
 
-   if(len + 2 != extension_size)
+   if(len + 2 != extension_size || len % 2 == 1 || len == 0)
       throw Decoding_Error("Bad encoding on signature algorithms extension");
 
    while(len)
diff --git a/src/lib/tls/tls_server.cpp b/src/lib/tls/tls_server.cpp
index f20e363cf..66a0e0e1d 100644
--- a/src/lib/tls/tls_server.cpp
+++ b/src/lib/tls/tls_server.cpp
@@ -405,6 +405,11 @@ void Server::process_client_hello_msg(const Handshake_State* active_state,
    pending_state.client_hello(new Client_Hello(contents));
    const Protocol_Version client_version = pending_state.client_hello()->version();
 
+   if(client_version.major_version() < 3)
+      throw TLS_Exception(Alert::PROTOCOL_VERSION, "Client offered version with major version under 3");
+   if(client_version.major_version() == 3 && client_version.minor_version() == 0)
+      throw TLS_Exception(Alert::PROTOCOL_VERSION, "SSLv3 is not supported");
+
    Protocol_Version negotiated_version;
 
    const Protocol_Version latest_supported =