- oops wrong patch removed
This commit is contained in:
Tomáš Mráz
parent
9847ab298b
commit
03d2622327
|
|
@ -1,53 +0,0 @@
|
|||
diff -up openssl-1.0.0/ssl/d1_lib.c.dtls1 openssl-1.0.0/ssl/d1_lib.c
|
||||
--- openssl-1.0.0/ssl/d1_lib.c.dtls1 2009-12-08 12:38:17.000000000 +0100
|
||||
+++ openssl-1.0.0/ssl/d1_lib.c 2010-04-09 16:29:49.000000000 +0200
|
||||
@@ -283,6 +283,16 @@ struct timeval* dtls1_get_timeout(SSL *s
|
||||
timeleft->tv_usec += 1000000;
|
||||
}
|
||||
|
||||
+ /* If remaining time is less than 15 ms, set it to 0
|
||||
+ * to prevent issues because of small devergences with
|
||||
+ * socket timeouts.
|
||||
+ */
|
||||
+ if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000)
|
||||
+ {
|
||||
+ memset(timeleft, 0, sizeof(struct timeval));
|
||||
+ }
|
||||
+
|
||||
+
|
||||
return timeleft;
|
||||
}
|
||||
|
||||
diff -up openssl-1.0.0/ssl/d1_pkt.c.dtls1 openssl-1.0.0/ssl/d1_pkt.c
|
||||
--- openssl-1.0.0/ssl/d1_pkt.c.dtls1 2009-10-04 18:52:35.000000000 +0200
|
||||
+++ openssl-1.0.0/ssl/d1_pkt.c 2010-04-09 16:30:49.000000000 +0200
|
||||
@@ -667,14 +667,14 @@ again:
|
||||
if (rr->length == 0) goto again;
|
||||
|
||||
/* If this record is from the next epoch (either HM or ALERT),
|
||||
- * buffer it since it cannot be processed at this time. Records
|
||||
- * from the next epoch are marked as received even though they
|
||||
- * are not processed, so as to prevent any potential resource
|
||||
- * DoS attack */
|
||||
+ * and a handshake is currently in progress, buffer it since it
|
||||
+ * cannot be processed at this time. */
|
||||
if (is_next_epoch)
|
||||
{
|
||||
- dtls1_record_bitmap_update(s, bitmap);
|
||||
- dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);
|
||||
+ if (SSL_in_init(s) || s->in_handshake)
|
||||
+ {
|
||||
+ dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);
|
||||
+ }
|
||||
rr->length = 0;
|
||||
s->packet_length = 0;
|
||||
goto again;
|
||||
@@ -809,7 +809,7 @@ start:
|
||||
* buffer the application data for later processing rather
|
||||
* than dropping the connection.
|
||||
*/
|
||||
- dtls1_buffer_record(s, &(s->d1->buffered_app_data), 0);
|
||||
+ dtls1_buffer_record(s, &(s->d1->buffered_app_data), rr->seq_num);
|
||||
rr->length = 0;
|
||||
goto start;
|
||||
}
|
||||
|
|
@ -0,0 +1,22 @@
|
|||
diff -up openssl-1.0.0/crypto/x509/x509_cmp.c.name-hash openssl-1.0.0/crypto/x509/x509_cmp.c
|
||||
--- openssl-1.0.0/crypto/x509/x509_cmp.c.name-hash 2010-01-12 18:27:10.000000000 +0100
|
||||
+++ openssl-1.0.0/crypto/x509/x509_cmp.c 2010-04-06 16:44:52.000000000 +0200
|
||||
@@ -236,10 +236,17 @@ unsigned long X509_NAME_hash_old(X509_NA
|
||||
{
|
||||
unsigned long ret=0;
|
||||
unsigned char md[16];
|
||||
+ EVP_MD_CTX ctx;
|
||||
|
||||
/* Make sure X509_NAME structure contains valid cached encoding */
|
||||
i2d_X509_NAME(x,NULL);
|
||||
- EVP_Digest(x->bytes->data, x->bytes->length, md, NULL, EVP_md5(), NULL);
|
||||
+
|
||||
+ EVP_MD_CTX_init(&ctx);
|
||||
+ EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_ONESHOT | EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
|
||||
+ EVP_DigestInit_ex(&ctx, EVP_md5(), NULL)
|
||||
+ && EVP_DigestUpdate(&ctx, x->bytes->data, x->bytes->length)
|
||||
+ && EVP_DigestFinal_ex(&ctx, md, NULL);
|
||||
+ EVP_MD_CTX_cleanup(&ctx);
|
||||
|
||||
ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)|
|
||||
((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
|
||||
Loading…
Reference in New Issue