
Contents of /rpms/openssl/sme8/openssl-fips-0.9.8e-cve-2014-0224.patch



Revision 1.1 - (show annotations) (download)
Tue Sep 2 22:20:54 2014 UTC (10 years, 3 months ago) by charliebrady
Branch: MAIN
CVS Tags: openssl-0_9_8e-28_el5_sme, openssl-0_9_8e-32_1_el5_sme, openssl-0_9_8e-31_1_el5_sme, openssl-0_9_8e-33_1_el5_sme, HEAD
Extracted from openssl-0.9.8e-27.el5_10.4.src.rpm

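diff -up openssl-fips-0.9.8e/ssl/ssl3.h.keying-mitm openssl-fips-0.9.8e/ssl/ssl3.h
--- openssl-fips-0.9.8e/ssl/ssl3.h.keying-mitm 2014-06-02 15:49:35.036283939 +0200
+++ openssl-fips-0.9.8e/ssl/ssl3.h 2014-06-02 17:00:09.808186361 +0200
@@ -344,6 +344,7 @@ typedef struct ssl3_buffer_st
 * effected, but we can't prevent that.
 */
 #define SSL3_FLAGS_SGC_RESTART_DONE 0x0040
+#define SSL3_FLAGS_CCS_OK 0x0080
 
 typedef struct ssl3_state_st
 {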
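Review bot: `SSL3_FLAGS_CCS_OK` is added without a comment, while the define just above it is preceded by a block comment explaining its purpose. Going by the other sections of this patch, the flag is set by the client and server handshake state machines and is tested and then cleared where a ChangeCipherSpec record is consumed (the error code there names `ssl3_read_bytes`). A line such as `/* Set when the peer's ChangeCipherSpec may be accepted; cleared once one has been processed. */` above the define would record that contract. It is also worth confirming that 0x0080 is not already taken by another `SSL3_FLAGS_*` value outside the lines shown.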
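diff -up openssl-fips-0.9.8e/ssl/s3_clnt.c.keying-mitm openssl-fips-0.9.8e/ssl/s3_clnt.c
--- openssl-fips-0.9.8e/ssl/s3_clnt.c.keying-mitm 2014-06-02 15:45:18.346349601 +0200
+++ openssl-fips-0.9.8e/ssl/s3_clnt.c 2014-06-02 15:49:35.036283939 +0200
@@ -425,6 +425,7 @@ int ssl3_connect(SSL *s)
 case SSL3_ST_CR_FINISHED_A:
 case SSL3_ST_CR_FINISHED_B:
 
+ s->s3->flags |= SSL3_FLAGS_CCS_OK;
 ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A,
 SSL3_ST_CR_FINISHED_B);
 if (ret <= 0) goto end;
@@ -706,6 +707,7 @@ int ssl3_get_server_hello(SSL *s)
 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
 goto f_err;
 }
+ s->s3->flags |= SSL3_FLAGS_CCS_OK;
 s->hit=1;
 }
 else /* a miss or crap from the other end */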
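Review bot: The flag is re-armed unconditionally every time the `SSL3_ST_CR_FINISHED_A/B` case is entered, and the only place this patch clears it is the record-layer check that consumes a ChangeCipherSpec. If `ssl3_get_finished` returns `<= 0` after the CCS has already been consumed (for example a non-blocking retry), re-entering the case would set the flag again and a second CCS would pass the gate. The same pattern is in the `SSL3_ST_SR_FINISHED_A` hunk of s3_srvr.c, which follows `SSL3_ST_SR_CERT_VRFY_A` where the flag is also set, so there it may stay set after the handshake completes. Assuming `s->s3->change_cipher_spec` remains set from CCS processing until Finished is read, guarding the assignment as `if (!s->s3->change_cipher_spec) s->s3->flags |= SSL3_FLAGS_CCS_OK;` would rule out duplicates. Both enclosing functions extend beyond the hunks shown.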
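diff -up openssl-fips-0.9.8e/ssl/s3_pkt.c.keying-mitm openssl-fips-0.9.8e/ssl/s3_pkt.c
--- openssl-fips-0.9.8e/ssl/s3_pkt.c.keying-mitm 2014-06-02 15:45:18.375350271 +0200
+++ openssl-fips-0.9.8e/ssl/s3_pkt.c 2014-06-02 15:49:35.037283962 +0200
@@ -1133,6 +1133,15 @@ start:
 goto f_err;
 }
 
+ if (!(s->s3->flags & SSL3_FLAGS_CCS_OK))
+ {
+ al=SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_CCS_RECEIVED_EARLY);
+ goto f_err;
+ }
+
+ s->s3->flags &= ~SSL3_FLAGS_CCS_OK;
+
 rr->length=0;
 
 if (s->msg_callback)
@@ -1264,7 +1273,7 @@ int ssl3_do_change_cipher_spec(SSL *s)
 
 if (s->s3->tmp.key_block == NULL)
 {
- if (s->session == NULL)
+ if (s->session == NULL || s->session->master_key_length == 0)
 {
 /* might happen if dtls1_read_bytes() calls this */
 SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY);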
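Review bot: The context comment `/* might happen if dtls1_read_bytes() calls this */` in `ssl3_do_change_cipher_spec` no longer describes the whole condition, because the branch now also rejects a session whose master secret has not been set. Something like `/* no session or no master secret yet: CCS arrived before key exchange (also reachable from dtls1_read_bytes()) */` would match the new test. That comment also names a DTLS caller, and this patch has no d1_pkt.c section, so as far as the page shows the DTLS record path gets only the `master_key_length` check and not the `SSL3_FLAGS_CCS_OK` gate added in the first hunk. It is worth confirming that this is intended. Both functions extend beyond the hunks shown.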
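diff -up openssl-fips-0.9.8e/ssl/s3_srvr.c.keying-mitm openssl-fips-0.9.8e/ssl/s3_srvr.c
--- openssl-fips-0.9.8e/ssl/s3_srvr.c.keying-mitm 2014-06-02 15:45:18.362349971 +0200
+++ openssl-fips-0.9.8e/ssl/s3_srvr.c 2014-06-02 15:49:35.037283962 +0200
@@ -492,6 +492,7 @@ int ssl3_accept(SSL *s)
 case SSL3_ST_SR_CERT_VRFY_A:
 case SSL3_ST_SR_CERT_VRFY_B:
 
+ s->s3->flags |= SSL3_FLAGS_CCS_OK;
 /* we should decide if we expected this one */
 ret=ssl3_get_cert_verify(s);
 if (ret <= 0) goto end;
@@ -502,6 +503,7 @@ int ssl3_accept(SSL *s)
 
 case SSL3_ST_SR_FINISHED_A:
 case SSL3_ST_SR_FINISHED_B:
+ s->s3->flags |= SSL3_FLAGS_CCS_OK;
 ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
 SSL3_ST_SR_FINISHED_B);
 if (ret <= 0) goto end;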
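Review bot: The assignment under `SSL3_ST_SR_CERT_VRFY_A/B` has no comment saying why a ChangeCipherSpec is allowed before CertificateVerify has been read. It is also placed directly above the existing `/* we should decide if we expected this one */`, which now reads as if it described the flag rather than the `ssl3_get_cert_verify` call. Presumably the flag is set here because the client's CCS can be encountered while the server is looking for an optional CertificateVerify. If so, a comment such as `/* CertificateVerify is optional, so the peer's CCS may be read from here on */` on the new line would make that explicit. `ssl3_accept` extends beyond both hunks.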
