jonathan/openssl
1
0
Fork 0
forked from rpms/openssl
Code Pull Requests Activity

- oops wrong patch removed

Browse Source
This commit is contained in:
Tomáš Mráz 2010-06-04 14:16:25 +00:00
parent 9847ab298b
commit 03d2622327
2 changed files with 22 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
openssl-1.0.0-dtls1-backports.patch
View File

@ -1,53 +0,0 @@
diff -up openssl-1.0.0/ssl/d1_lib.c.dtls1 openssl-1.0.0/ssl/d1_lib.c
--- openssl-1.0.0/ssl/d1_lib.c.dtls1 2009-12-08 12:38:17.000000000 +0100
+++ openssl-1.0.0/ssl/d1_lib.c 2010-04-09 16:29:49.000000000 +0200
@@ -283,6 +283,16 @@ struct timeval* dtls1_get_timeout(SSL *s
timeleft->tv_usec += 1000000;
}
+ /* If remaining time is less than 15 ms, set it to 0
+ * to prevent issues because of small devergences with
+ * socket timeouts.
+ */
+ if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000)
+ {
+ memset(timeleft, 0, sizeof(struct timeval));
+ }
+
+
return timeleft;
}
diff -up openssl-1.0.0/ssl/d1_pkt.c.dtls1 openssl-1.0.0/ssl/d1_pkt.c
--- openssl-1.0.0/ssl/d1_pkt.c.dtls1 2009-10-04 18:52:35.000000000 +0200
+++ openssl-1.0.0/ssl/d1_pkt.c 2010-04-09 16:30:49.000000000 +0200
@@ -667,14 +667,14 @@ again:
if (rr->length == 0) goto again;
/* If this record is from the next epoch (either HM or ALERT),
- * buffer it since it cannot be processed at this time. Records
- * from the next epoch are marked as received even though they
- * are not processed, so as to prevent any potential resource
- * DoS attack */
+ * and a handshake is currently in progress, buffer it since it
+ * cannot be processed at this time. */
if (is_next_epoch)
{
- dtls1_record_bitmap_update(s, bitmap);
- dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);
+ if (SSL_in_init(s) || s->in_handshake)
+ {
+ dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);
+ }
rr->length = 0;
s->packet_length = 0;
goto again;
@@ -809,7 +809,7 @@ start:
* buffer the application data for later processing rather
* than dropping the connection.
*/
- dtls1_buffer_record(s, &(s->d1->buffered_app_data), 0);
+ dtls1_buffer_record(s, &(s->d1->buffered_app_data), rr->seq_num);
rr->length = 0;
goto start;
}

22
openssl-1.0.0-name-hash.patch Normal file
View File

@ -0,0 +1,22 @@
diff -up openssl-1.0.0/crypto/x509/x509_cmp.c.name-hash openssl-1.0.0/crypto/x509/x509_cmp.c
--- openssl-1.0.0/crypto/x509/x509_cmp.c.name-hash 2010-01-12 18:27:10.000000000 +0100
+++ openssl-1.0.0/crypto/x509/x509_cmp.c 2010-04-06 16:44:52.000000000 +0200
@@ -236,10 +236,17 @@ unsigned long X509_NAME_hash_old(X509_NA
{
unsigned long ret=0;
unsigned char md[16];
+ EVP_MD_CTX ctx;
/* Make sure X509_NAME structure contains valid cached encoding */
i2d_X509_NAME(x,NULL);
- EVP_Digest(x->bytes->data, x->bytes->length, md, NULL, EVP_md5(), NULL);
+
+ EVP_MD_CTX_init(&ctx);
+ EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_ONESHOT | EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+ EVP_DigestInit_ex(&ctx, EVP_md5(), NULL)
+ && EVP_DigestUpdate(&ctx, x->bytes->data, x->bytes->length)
+ && EVP_DigestFinal_ex(&ctx, md, NULL);
+ EVP_MD_CTX_cleanup(&ctx);
ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)|
((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)