OpenSSL CVS Repository
http://cvs.openssl.org/
____________________________________________________________________________
Server: cvs.openssl.org                  Name:   Andy Polyakov
Root:   /v/openssl/cvs                   Email:  appro openssl.org
Module: openssl                          Date:   30-Sep-2007 21:36:32
Branch: OpenSSL_0_9_8-stable             Handle: 2007093020363200
Modified files:           (Branch: OpenSSL_0_9_8-stable)
  openssl/ssl             d1_clnt.c d1_srvr.c
Log:
  DTLS RFC4347 says HelloVerifyRequest resets Finished MAC. From HEAD with a
  twist: server allows for non-compliant Finished calculations in order to
  enable interop with pre-0.9.8f.
Summary:
Revision Changes Path
1.3.2.9 +4 -2 openssl/ssl/d1_clnt.c
1.2.2.10 +4 -0 openssl/ssl/d1_srvr.c
____________________________________________________________________________
patch -p0 <<' .'
Index: openssl/ssl/d1_clnt.c
============================================================
================
$ cvs diff -u -r1.3.2.8 -r1.3.2.9 d1_clnt.c
--- openssl/ssl/d1_clnt.c 30 Sep 2007 19:15:46
-0000 1.3.2.8
+++ openssl/ssl/d1_clnt.c 30 Sep 2007 19:36:32
-0000 1.3.2.9
 -214,8 +214,6 
/* don't push the buffering BIO quite yet */
- ssl3_init_finished_mac(s);
-
s->state=SSL3_ST_CW_CLNT_HELLO_A;
s->ctx->stats.sess_connect++;
s->init_num=0;
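Review bot: the removal of ssl3_init_finished_mac(s) from this init block leaves no trace behind, so a later reader may take the missing call for an oversight and put it back. A one-line comment next to the s->state=SSL3_ST_CW_CLNT_HELLO_A assignment, saying that the Finished MAC is now initialised where the ClientHello is sent, would keep this hunk tied to the one that follows.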
 -227,6 +225,10 
case SSL3_ST_CW_CLNT_HELLO_B:
s->shutdown=0;
+
+ /* every DTLS ClientHello resets Finished MAC */
+ ssl3_init_finished_mac(s);
+
ret=dtls1_client_hello(s);
if (ret <= 0) goto end;
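Review bot: the new ssl3_init_finished_mac(s) sits directly under the SSL3_ST_CW_CLNT_HELLO_B label, so it runs again whenever the state machine re-enters this case to resume a ClientHello after dtls1_client_hello(s) returned ret <= 0. Please confirm that nothing from the ClientHello has been fed into the Finished MAC by the time such a retry happens; if it can have been, the reset should be limited to the first entry (for example, only when a new ClientHello is being built) so that a resumed write does not discard handshake data already hashed.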
 .
patch -p0 <<' .'
Index: openssl/ssl/d1_srvr.c
============================================================
================
$ cvs diff -u -r1.2.2.9 -r1.2.2.10 d1_srvr.c
--- openssl/ssl/d1_srvr.c 30 Sep 2007 18:55:59
-0000 1.2.2.9
+++ openssl/ssl/d1_srvr.c 30 Sep 2007 19:36:32
-0000 1.2.2.10
 -285,6 +285,10 
s->d1->send_cookie = 0;
s->state=SSL3_ST_SW_FLUSH;
s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A;
+
+ /* HelloVerifyRequests resets Finished MAC */
+ if (s->client_version != DTLS1_BAD_VER)
+ ssl3_init_finished_mac(s);
break;
case SSL3_ST_SW_SRVR_HELLO_A:
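Review bot: the DTLS1_BAD_VER exemption in the added if (s->client_version != DTLS1_BAD_VER) is not explained by the comment above it, which only says that HelloVerifyRequest resets the Finished MAC. The commit log gives the reason (interop with the non-compliant Finished calculation of pre-0.9.8f), and that sentence belongs in the code comment, since this branch deliberately departs from RFC4347. It is also worth noting there that the exemption is server-side only: the d1_clnt.c change resets unconditionally, so if a client built from this branch can ever negotiate DTLS1_BAD_VER, the two sides would compute Finished over different transcripts.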
 .
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
CVS Repository Commit List                     openssl-cvs openssl.org
Automated List Manager                           majordomo openssl.org