/[smeserver]/rpms/openssl/sme8/openssl-fips-0.9.8e-cve-2014-0224.patch

Annotation of /rpms/openssl/sme8/openssl-fips-0.9.8e-cve-2014-0224.patch



Revision 1.1 - (hide annotations) (download)
Tue Sep 2 22:20:54 2014 UTC (9 years, 9 months ago) by charliebrady
Branch: MAIN
CVS Tags: openssl-0_9_8e-28_el5_sme, openssl-0_9_8e-32_1_el5_sme, openssl-0_9_8e-31_1_el5_sme, openssl-0_9_8e-33_1_el5_sme, HEAD
Extracted from openssl-0.9.8e-27.el5_10.4.src.rpm

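--- a/openssl-fips-0.9.8e/ssl/ssl3.h
+++ b/openssl-fips-0.9.8e/ssl/ssl3.h
@@ -344,6 +344,7 @@ typedef struct ssl3_buffer_st
 * effected, but we can't prevent that.
 */
 #define SSL3_FLAGS_SGC_RESTART_DONE 0x0040
+#define SSL3_FLAGS_CCS_OK 0x0080
 
 typedef struct ssl3_state_st
 {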
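Review bot: The new `SSL3_FLAGS_CCS_OK` define has no comment, although the flag directly above it has one and this flag's meaning is security-relevant. Going by the other files in this patch, it is set at the points where a ChangeCipherSpec record is legitimate and cleared once one has been consumed; I would say so above the define, e.g. `/* Set while a ChangeCipherSpec may be received; cleared as soon as one is processed */`. Whether 0x0080 is unused in this flags word cannot be confirmed from the hunk, because the other SSL3_FLAGS_ values lie outside it.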
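--- a/openssl-fips-0.9.8e/ssl/s3_clnt.c
+++ b/openssl-fips-0.9.8e/ssl/s3_clnt.c
@@ -425,6 +425,7 @@ int ssl3_connect(SSL *s)
 case SSL3_ST_CR_FINISHED_A:
 case SSL3_ST_CR_FINISHED_B:
 
+ s->s3->flags |= SSL3_FLAGS_CCS_OK;
 ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A,
 SSL3_ST_CR_FINISHED_B);
 if (ret <= 0) goto end;
@@ -706,6 +707,7 @@ int ssl3_get_server_hello(SSL *s)
 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
 goto f_err;
 }
+ s->s3->flags |= SSL3_FLAGS_CCS_OK;
 s->hit=1;
 }
 else /* a miss or crap from the other end */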
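Review bot: In the `SSL3_ST_CR_FINISHED_A`/`_B` case the flag is set unconditionally, so it is switched back on even when a ChangeCipherSpec has already been consumed and s3_pkt.c has cleared it, for example on a resumed session where `ssl3_get_server_hello` set it earlier, or when this state is re-entered after a retry. A second ChangeCipherSpec before Finished would then presumably pass the new check in s3_pkt.c. Guarding the assignment keeps the flag one-shot: `if (!s->s3->change_cipher_spec) s->s3->flags |= SSL3_FLAGS_CCS_OK;`, assuming `change_cipher_spec` is set when a CCS is processed, which happens outside the visible lines. The same applies to the two assignments in `ssl3_accept` in s3_srvr.c; both functions continue outside their hunks.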
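--- a/openssl-fips-0.9.8e/ssl/s3_pkt.c
+++ b/openssl-fips-0.9.8e/ssl/s3_pkt.c
@@ -1133,6 +1133,15 @@ start:
 goto f_err;
 }
 
+ if (!(s->s3->flags & SSL3_FLAGS_CCS_OK))
+ {
+ al=SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_CCS_RECEIVED_EARLY);
+ goto f_err;
+ }
+
+ s->s3->flags &= ~SSL3_FLAGS_CCS_OK;
+
 rr->length=0;
 
 if (s->msg_callback)
@@ -1264,7 +1273,7 @@ int ssl3_do_change_cipher_spec(SSL *s)
 
 if (s->s3->tmp.key_block == NULL)
 {
- if (s->session == NULL)
+ if (s->session == NULL || s->session->master_key_length == 0)
 {
 /* might happen if dtls1_read_bytes() calls this */
 SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY);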
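Review bot: The comment under the widened condition in `ssl3_do_change_cipher_spec` still names only the dtls1_read_bytes() case, although the added `master_key_length == 0` test is what rejects a ChangeCipherSpec that arrives before any master secret exists. This patch touches no DTLS record code, so that test appears to be the only guard on the DTLS path, and the comment should say so. Suggested wording: `/* no session or no master secret yet: CCS is premature (also reachable from dtls1_read_bytes()) */`. The function body continues outside the hunk.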
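--- a/openssl-fips-0.9.8e/ssl/s3_srvr.c
+++ b/openssl-fips-0.9.8e/ssl/s3_srvr.c
@@ -492,6 +492,7 @@ int ssl3_accept(SSL *s)
 case SSL3_ST_SR_CERT_VRFY_A:
 case SSL3_ST_SR_CERT_VRFY_B:
 
+ s->s3->flags |= SSL3_FLAGS_CCS_OK;
 /* we should decide if we expected this one */
 ret=ssl3_get_cert_verify(s);
 if (ret <= 0) goto end;
@@ -502,6 +503,7 @@ int ssl3_accept(SSL *s)
 
 case SSL3_ST_SR_FINISHED_A:
 case SSL3_ST_SR_FINISHED_B:
+ s->s3->flags |= SSL3_FLAGS_CCS_OK;
 ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
 SSL3_ST_SR_FINISHED_B);
 if (ret <= 0) goto end;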
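Review bot: The assignment in the `SSL3_ST_SR_CERT_VRFY_A`/`_B` case opens the ChangeCipherSpec window before the server knows whether a CertificateVerify will arrive, and nothing in the hunk explains why it is placed there. A one-line comment would help later changes keep the window this narrow, e.g. `/* CCS may follow directly when the client sends no CertificateVerify */`. That reading is inferred from the existing comment "we should decide if we expected this one"; ssl3_accept continues outside the hunk.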
