- fix non-fips mingw build (patch by Kalev Lember)
- add IPV6 fix for DTLS
This commit is contained in:
Tomáš Mráz
parent
c9026def03
commit
5845987ab4
219
openssl-1.0.0-beta4-dtls-ipv6.patch
Normal file
219
openssl-1.0.0-beta4-dtls-ipv6.patch
Normal file
@ -0,0 +1,219 @@
|
||||
diff -up openssl-1.0.0-beta4/crypto/bio/b_sock.c.dtls-ipv6 openssl-1.0.0-beta4/crypto/bio/b_sock.c
|
||||
--- openssl-1.0.0-beta4/crypto/bio/b_sock.c.dtls-ipv6 2009-11-09 15:09:53.000000000 +0100
|
||||
+++ openssl-1.0.0-beta4/crypto/bio/b_sock.c 2009-11-23 08:50:45.000000000 +0100
|
||||
@@ -822,7 +822,8 @@ int BIO_accept(int sock, char **addr)
|
||||
if (sizeof(sa.len.i)!=sizeof(sa.len.s) && sa.len.i==0)
|
||||
{
|
||||
OPENSSL_assert(sa.len.s<=sizeof(sa.from));
|
||||
- sa.len.i = (unsigned int)sa.len.s;
|
||||
+ sa.len.i = (int)sa.len.s;
|
||||
+ /* use sa.len.i from this point */
|
||||
}
|
||||
if (ret == INVALID_SOCKET)
|
||||
{
|
||||
diff -up openssl-1.0.0-beta4/crypto/bio/bss_dgram.c.dtls-ipv6 openssl-1.0.0-beta4/crypto/bio/bss_dgram.c
|
||||
--- openssl-1.0.0-beta4/crypto/bio/bss_dgram.c.dtls-ipv6 2009-10-15 19:41:44.000000000 +0200
|
||||
+++ openssl-1.0.0-beta4/crypto/bio/bss_dgram.c 2009-11-23 08:50:45.000000000 +0100
|
||||
@@ -108,11 +108,13 @@ static BIO_METHOD methods_dgramp=
|
||||
|
||||
typedef struct bio_dgram_data_st
|
||||
{
|
||||
+ union {
|
||||
+ struct sockaddr sa;
|
||||
+ struct sockaddr_in sa_in;
|
||||
#if OPENSSL_USE_IPV6
|
||||
- struct sockaddr_storage peer;
|
||||
-#else
|
||||
- struct sockaddr_in peer;
|
||||
+ struct sockaddr_in6 sa_in6;
|
||||
#endif
|
||||
+ } peer;
|
||||
unsigned int connected;
|
||||
unsigned int _errno;
|
||||
unsigned int mtu;
|
||||
@@ -278,28 +280,38 @@ static int dgram_read(BIO *b, char *out,
|
||||
int ret=0;
|
||||
bio_dgram_data *data = (bio_dgram_data *)b->ptr;
|
||||
|
||||
+ struct {
|
||||
+ /*
|
||||
+ * See commentary in b_sock.c. <appro>
|
||||
+ */
|
||||
+ union { size_t s; int i; } len;
|
||||
+ union {
|
||||
+ struct sockaddr sa;
|
||||
+ struct sockaddr_in sa_in;
|
||||
#if OPENSSL_USE_IPV6
|
||||
- struct sockaddr_storage peer;
|
||||
-#else
|
||||
- struct sockaddr_in peer;
|
||||
+ struct sockaddr_in6 sa_in6;
|
||||
#endif
|
||||
- int peerlen = sizeof(peer);
|
||||
+ } peer;
|
||||
+ } sa;
|
||||
+
|
||||
+ sa.len.s=0;
|
||||
+ sa.len.i=sizeof(sa.peer);
|
||||
|
||||
if (out != NULL)
|
||||
{
|
||||
clear_socket_error();
|
||||
- memset(&peer, 0x00, peerlen);
|
||||
- /* Last arg in recvfrom is signed on some platforms and
|
||||
- * unsigned on others. It is of type socklen_t on some
|
||||
- * but this is not universal. Cast to (void *) to avoid
|
||||
- * compiler warnings.
|
||||
- */
|
||||
+ memset(&sa.peer, 0x00, sizeof(sa.peer));
|
||||
dgram_adjust_rcv_timeout(b);
|
||||
- ret=recvfrom(b->num,out,outl,0,(struct sockaddr *)&peer,(void *)&peerlen);
|
||||
+ ret=recvfrom(b->num,out,outl,0,&sa.peer.sa,(void *)&sa.len);
|
||||
+ if (sizeof(sa.len.i)!=sizeof(sa.len.s) && sa.len.i==0)
|
||||
+ {
|
||||
+ OPENSSL_assert(sa.len.s<=sizeof(sa.peer));
|
||||
+ sa.len.i = (int)sa.len.s;
|
||||
+ }
|
||||
dgram_reset_rcv_timeout(b);
|
||||
|
||||
if ( ! data->connected && ret >= 0)
|
||||
- BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &peer);
|
||||
+ BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &sa.peer);
|
||||
|
||||
BIO_clear_retry_flags(b);
|
||||
if (ret < 0)
|
||||
@@ -323,25 +335,10 @@ static int dgram_write(BIO *b, const cha
|
||||
if ( data->connected )
|
||||
ret=writesocket(b->num,in,inl);
|
||||
else
|
||||
-#if OPENSSL_USE_IPV6
|
||||
- if (data->peer.ss_family == AF_INET)
|
||||
#if defined(NETWARE_CLIB) && defined(NETWARE_BSDSOCK)
|
||||
- ret=sendto(b->num, (char *)in, inl, 0, (const struct sockaddr *)&data->peer, sizeof(struct sockaddr_in));
|
||||
+ ret=sendto(b->num, (char *)in, inl, 0, &data->peer.sa, sizeof(data->peer));
|
||||
#else
|
||||
- ret=sendto(b->num, in, inl, 0, (const struct sockaddr *)&data->peer, sizeof(struct sockaddr_in));
|
||||
-#endif
|
||||
- else
|
||||
-#if defined(NETWARE_CLIB) && defined(NETWARE_BSDSOCK)
|
||||
- ret=sendto(b->num, (char *)in, inl, 0, (const struct sockaddr *)&data->peer, sizeof(struct sockaddr_in6));
|
||||
-#else
|
||||
- ret=sendto(b->num, in, inl, 0, (const struct sockaddr *)&data->peer, sizeof(struct sockaddr_in6));
|
||||
-#endif
|
||||
-#else
|
||||
-#if defined(NETWARE_CLIB) && defined(NETWARE_BSDSOCK)
|
||||
- ret=sendto(b->num, (char *)in, inl, 0, (const struct sockaddr *)&data->peer, sizeof(struct sockaddr_in));
|
||||
-#else
|
||||
- ret=sendto(b->num, in, inl, 0, (const struct sockaddr *)&data->peer, sizeof(struct sockaddr_in));
|
||||
-#endif
|
||||
+ ret=sendto(b->num, in, inl, 0, &data->peer.sa, sizeof(data->peer));
|
||||
#endif
|
||||
|
||||
BIO_clear_retry_flags(b);
|
||||
@@ -428,11 +425,20 @@ static long dgram_ctrl(BIO *b, int cmd,
|
||||
else
|
||||
{
|
||||
#endif
|
||||
+ switch (to->sa_family)
|
||||
+ {
|
||||
+ case AF_INET:
|
||||
+ memcpy(&data->peer,to,sizeof(data->peer.sa_in));
|
||||
+ break;
|
||||
#if OPENSSL_USE_IPV6
|
||||
- memcpy(&(data->peer),to, sizeof(struct sockaddr_storage));
|
||||
-#else
|
||||
- memcpy(&(data->peer),to, sizeof(struct sockaddr_in));
|
||||
-#endif
|
||||
+ case AF_INET6:
|
||||
+ memcpy(&data->peer,to,sizeof(data->peer.sa_in6));
|
||||
+ break;
|
||||
+#endif
|
||||
+ default:
|
||||
+ memcpy(&data->peer,to,sizeof(data->peer.sa));
|
||||
+ break;
|
||||
+ }
|
||||
#if 0
|
||||
}
|
||||
#endif
|
||||
@@ -537,41 +543,60 @@ static long dgram_ctrl(BIO *b, int cmd,
|
||||
if ( to != NULL)
|
||||
{
|
||||
data->connected = 1;
|
||||
+ switch (to->sa_family)
|
||||
+ {
|
||||
+ case AF_INET:
|
||||
+ memcpy(&data->peer,to,sizeof(data->peer.sa_in));
|
||||
+ break;
|
||||
#if OPENSSL_USE_IPV6
|
||||
- memcpy(&(data->peer),to, sizeof(struct sockaddr_storage));
|
||||
-#else
|
||||
- memcpy(&(data->peer),to, sizeof(struct sockaddr_in));
|
||||
-#endif
|
||||
+ case AF_INET6:
|
||||
+ memcpy(&data->peer,to,sizeof(data->peer.sa_in6));
|
||||
+ break;
|
||||
+#endif
|
||||
+ default:
|
||||
+ memcpy(&data->peer,to,sizeof(data->peer.sa));
|
||||
+ break;
|
||||
+ }
|
||||
}
|
||||
else
|
||||
{
|
||||
data->connected = 0;
|
||||
-#if OPENSSL_USE_IPV6
|
||||
- memset(&(data->peer), 0x00, sizeof(struct sockaddr_storage));
|
||||
-#else
|
||||
- memset(&(data->peer), 0x00, sizeof(struct sockaddr_in));
|
||||
-#endif
|
||||
+ memset(&(data->peer), 0x00, sizeof(data->peer));
|
||||
}
|
||||
break;
|
||||
case BIO_CTRL_DGRAM_GET_PEER:
|
||||
to = (struct sockaddr *) ptr;
|
||||
-
|
||||
+ switch (to->sa_family)
|
||||
+ {
|
||||
+ case AF_INET:
|
||||
+ memcpy(to,&data->peer,(ret=sizeof(data->peer.sa_in)));
|
||||
+ break;
|
||||
#if OPENSSL_USE_IPV6
|
||||
- memcpy(to, &(data->peer), sizeof(struct sockaddr_storage));
|
||||
- ret = sizeof(struct sockaddr_storage);
|
||||
-#else
|
||||
- memcpy(to, &(data->peer), sizeof(struct sockaddr_in));
|
||||
- ret = sizeof(struct sockaddr_in);
|
||||
-#endif
|
||||
+ case AF_INET6:
|
||||
+ memcpy(to,&data->peer,(ret=sizeof(data->peer.sa_in6)));
|
||||
+ break;
|
||||
+#endif
|
||||
+ default:
|
||||
+ memcpy(to,&data->peer,(ret=sizeof(data->peer.sa)));
|
||||
+ break;
|
||||
+ }
|
||||
break;
|
||||
case BIO_CTRL_DGRAM_SET_PEER:
|
||||
to = (struct sockaddr *) ptr;
|
||||
-
|
||||
+ switch (to->sa_family)
|
||||
+ {
|
||||
+ case AF_INET:
|
||||
+ memcpy(&data->peer,to,sizeof(data->peer.sa_in));
|
||||
+ break;
|
||||
#if OPENSSL_USE_IPV6
|
||||
- memcpy(&(data->peer), to, sizeof(struct sockaddr_storage));
|
||||
-#else
|
||||
- memcpy(&(data->peer), to, sizeof(struct sockaddr_in));
|
||||
-#endif
|
||||
+ case AF_INET6:
|
||||
+ memcpy(&data->peer,to,sizeof(data->peer.sa_in6));
|
||||
+ break;
|
||||
+#endif
|
||||
+ default:
|
||||
+ memcpy(&data->peer,to,sizeof(data->peer.sa));
|
||||
+ break;
|
||||
+ }
|
||||
break;
|
||||
case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT:
|
||||
memcpy(&(data->next_timeout), ptr, sizeof(struct timeval));
|
||||
File diff suppressed because it is too large
Load Diff
@ -23,7 +23,7 @@
|
||||
Summary: A general purpose cryptography library with TLS implementation
|
||||
Name: openssl
|
||||
Version: 1.0.0
|
||||
Release: 0.15.%{beta}%{?dist}
|
||||
Release: 0.16.%{beta}%{?dist}
|
||||
# We remove certain patented algorithms from the openssl source tarball
|
||||
# with the hobble-openssl script which is included below.
|
||||
Source: openssl-%{version}-%{beta}-usa.tar.bz2
|
||||
@ -67,6 +67,7 @@ Patch60: openssl-1.0.0-beta4-reneg.patch
|
||||
Patch61: openssl-1.0.0-beta4-client-reneg.patch
|
||||
Patch62: openssl-1.0.0-beta4-backports.patch
|
||||
Patch63: openssl-1.0.0-beta4-reneg-err.patch
|
||||
Patch64: openssl-1.0.0-beta4-dtls-ipv6.patch
|
||||
|
||||
License: OpenSSL
|
||||
Group: System Environment/Libraries
|
||||
@ -150,6 +151,7 @@ from other formats to the formats used by the OpenSSL toolkit.
|
||||
%patch61 -p1 -b .client-reneg
|
||||
%patch62 -p1 -b .backports
|
||||
%patch63 -p1 -b .reneg-err
|
||||
%patch64 -p1 -b .dtls-ipv6
|
||||
|
||||
# Modify the various perl scripts to reference perl in the right location.
|
||||
perl util/perlpath.pl `dirname %{__perl}`
|
||||
@ -398,6 +400,10 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
|
||||
%postun -p /sbin/ldconfig
|
||||
|
||||
%changelog
|
||||
* Mon Nov 23 2009 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.16.beta4
|
||||
- fix non-fips mingw build (patch by Kalev Lember)
|
||||
- add IPV6 fix for DTLS
|
||||
|
||||
* Fri Nov 20 2009 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.15.beta4
|
||||
- add better error reporting for the unsafe renegotiation
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user