- oops wrong patch removed

2010-06-04 14:16:25 +00:00 · 2010-06-04 14:16:25 +00:00 · 03d2622327
commit 03d2622327
parent 9847ab298b
2 changed files with 22 additions and 53 deletions
--- a/openssl-1.0.0-dtls1-backports.patch
+++ b/openssl-1.0.0-dtls1-backports.patch
@ -1,53 +0,0 @@
-diff -up openssl-1.0.0/ssl/d1_lib.c.dtls1 openssl-1.0.0/ssl/d1_lib.c
--- openssl-1.0.0/ssl/d1_lib.c.dtls1	2009-12-08 12:38:17.000000000 +0100
-+++ openssl-1.0.0/ssl/d1_lib.c	2010-04-09 16:29:49.000000000 +0200
-@@ -283,6 +283,16 @@ struct timeval* dtls1_get_timeout(SSL *s
- 		timeleft->tv_usec += 1000000;
- 		}
- 
-+	/* If remaining time is less than 15 ms, set it to 0
-+	 * to prevent issues because of small devergences with
-+	 * socket timeouts.
-+	 */
-+	if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000)
-+		{
-+		memset(timeleft, 0, sizeof(struct timeval));
-+		}
-+	
-+
- 	return timeleft;
- 	}
- 
-diff -up openssl-1.0.0/ssl/d1_pkt.c.dtls1 openssl-1.0.0/ssl/d1_pkt.c
--- openssl-1.0.0/ssl/d1_pkt.c.dtls1	2009-10-04 18:52:35.000000000 +0200
-+++ openssl-1.0.0/ssl/d1_pkt.c	2010-04-09 16:30:49.000000000 +0200
-@@ -667,14 +667,14 @@ again:
- 	if (rr->length == 0) goto again;
- 
- 	/* If this record is from the next epoch (either HM or ALERT),
-	 * buffer it since it cannot be processed at this time. Records
-	 * from the next epoch are marked as received even though they
-	 * are not processed, so as to prevent any potential resource
-	 * DoS attack */
-+	 * and a handshake is currently in progress, buffer it since it
-+	 * cannot be processed at this time. */
- 	if (is_next_epoch)
- 		{
-		dtls1_record_bitmap_update(s, bitmap);
-		dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);
-+		if (SSL_in_init(s) || s->in_handshake)
-+			{
-+			dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);
-+			}
- 		rr->length = 0;
- 		s->packet_length = 0;
- 		goto again;
-@@ -809,7 +809,7 @@ start:
- 		 * buffer the application data for later processing rather
- 		 * than dropping the connection.
- 		 */
-		dtls1_buffer_record(s, &(s->d1->buffered_app_data), 0);
-+		dtls1_buffer_record(s, &(s->d1->buffered_app_data), rr->seq_num);
- 		rr->length = 0;
- 		goto start;
- 		}
--- a/openssl-1.0.0-name-hash.patch
+++ b/openssl-1.0.0-name-hash.patch
@ -0,0 +1,22 @@
+diff -up openssl-1.0.0/crypto/x509/x509_cmp.c.name-hash openssl-1.0.0/crypto/x509/x509_cmp.c
+--- openssl-1.0.0/crypto/x509/x509_cmp.c.name-hash	2010-01-12 18:27:10.000000000 +0100
+++ openssl-1.0.0/crypto/x509/x509_cmp.c	2010-04-06 16:44:52.000000000 +0200
+@@ -236,10 +236,17 @@ unsigned long X509_NAME_hash_old(X509_NA
+ 	{
+ 	unsigned long ret=0;
+ 	unsigned char md[16];
+	EVP_MD_CTX ctx; 
+ 
+ 	/* Make sure X509_NAME structure contains valid cached encoding */
+ 	i2d_X509_NAME(x,NULL);
+-	EVP_Digest(x->bytes->data, x->bytes->length, md, NULL, EVP_md5(), NULL);
+
+	EVP_MD_CTX_init(&ctx);
+	EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_ONESHOT | EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+        EVP_DigestInit_ex(&ctx, EVP_md5(), NULL)
+		&& EVP_DigestUpdate(&ctx, x->bytes->data, x->bytes->length)
+		&& EVP_DigestFinal_ex(&ctx, md, NULL);
+	EVP_MD_CTX_cleanup(&ctx);
+ 
+ 	ret=(	((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
+ 		((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)