- fix non-fips mingw build (patch by Kalev Lember)

- add IPV6 fix for DTLS
This commit is contained in:
Tomáš Mráz 2009-11-23 07:54:08 +00:00
parent c9026def03
commit 5845987ab4
3 changed files with 446 additions and 201 deletions

View File

@ -0,0 +1,219 @@
diff -up openssl-1.0.0-beta4/crypto/bio/b_sock.c.dtls-ipv6 openssl-1.0.0-beta4/crypto/bio/b_sock.c
--- openssl-1.0.0-beta4/crypto/bio/b_sock.c.dtls-ipv6 2009-11-09 15:09:53.000000000 +0100
+++ openssl-1.0.0-beta4/crypto/bio/b_sock.c 2009-11-23 08:50:45.000000000 +0100
@@ -822,7 +822,8 @@ int BIO_accept(int sock, char **addr)
if (sizeof(sa.len.i)!=sizeof(sa.len.s) && sa.len.i==0)
{
OPENSSL_assert(sa.len.s<=sizeof(sa.from));
- sa.len.i = (unsigned int)sa.len.s;
+ sa.len.i = (int)sa.len.s;
+ /* use sa.len.i from this point */
}
if (ret == INVALID_SOCKET)
{
diff -up openssl-1.0.0-beta4/crypto/bio/bss_dgram.c.dtls-ipv6 openssl-1.0.0-beta4/crypto/bio/bss_dgram.c
--- openssl-1.0.0-beta4/crypto/bio/bss_dgram.c.dtls-ipv6 2009-10-15 19:41:44.000000000 +0200
+++ openssl-1.0.0-beta4/crypto/bio/bss_dgram.c 2009-11-23 08:50:45.000000000 +0100
@@ -108,11 +108,13 @@ static BIO_METHOD methods_dgramp=
typedef struct bio_dgram_data_st
{
+ union {
+ struct sockaddr sa;
+ struct sockaddr_in sa_in;
#if OPENSSL_USE_IPV6
- struct sockaddr_storage peer;
-#else
- struct sockaddr_in peer;
+ struct sockaddr_in6 sa_in6;
#endif
+ } peer;
unsigned int connected;
unsigned int _errno;
unsigned int mtu;
@@ -278,28 +280,38 @@ static int dgram_read(BIO *b, char *out,
int ret=0;
bio_dgram_data *data = (bio_dgram_data *)b->ptr;
+ struct {
+ /*
+ * See commentary in b_sock.c. <appro>
+ */
+ union { size_t s; int i; } len;
+ union {
+ struct sockaddr sa;
+ struct sockaddr_in sa_in;
#if OPENSSL_USE_IPV6
- struct sockaddr_storage peer;
-#else
- struct sockaddr_in peer;
+ struct sockaddr_in6 sa_in6;
#endif
- int peerlen = sizeof(peer);
+ } peer;
+ } sa;
+
+ sa.len.s=0;
+ sa.len.i=sizeof(sa.peer);
if (out != NULL)
{
clear_socket_error();
- memset(&peer, 0x00, peerlen);
- /* Last arg in recvfrom is signed on some platforms and
- * unsigned on others. It is of type socklen_t on some
- * but this is not universal. Cast to (void *) to avoid
- * compiler warnings.
- */
+ memset(&sa.peer, 0x00, sizeof(sa.peer));
dgram_adjust_rcv_timeout(b);
- ret=recvfrom(b->num,out,outl,0,(struct sockaddr *)&peer,(void *)&peerlen);
+ ret=recvfrom(b->num,out,outl,0,&sa.peer.sa,(void *)&sa.len);
+ if (sizeof(sa.len.i)!=sizeof(sa.len.s) && sa.len.i==0)
+ {
+ OPENSSL_assert(sa.len.s<=sizeof(sa.peer));
+ sa.len.i = (int)sa.len.s;
+ }
dgram_reset_rcv_timeout(b);
if ( ! data->connected && ret >= 0)
- BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &peer);
+ BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &sa.peer);
BIO_clear_retry_flags(b);
if (ret < 0)
@@ -323,25 +335,10 @@ static int dgram_write(BIO *b, const cha
if ( data->connected )
ret=writesocket(b->num,in,inl);
else
-#if OPENSSL_USE_IPV6
- if (data->peer.ss_family == AF_INET)
#if defined(NETWARE_CLIB) && defined(NETWARE_BSDSOCK)
- ret=sendto(b->num, (char *)in, inl, 0, (const struct sockaddr *)&data->peer, sizeof(struct sockaddr_in));
+ ret=sendto(b->num, (char *)in, inl, 0, &data->peer.sa, sizeof(data->peer));
#else
- ret=sendto(b->num, in, inl, 0, (const struct sockaddr *)&data->peer, sizeof(struct sockaddr_in));
-#endif
- else
-#if defined(NETWARE_CLIB) && defined(NETWARE_BSDSOCK)
- ret=sendto(b->num, (char *)in, inl, 0, (const struct sockaddr *)&data->peer, sizeof(struct sockaddr_in6));
-#else
- ret=sendto(b->num, in, inl, 0, (const struct sockaddr *)&data->peer, sizeof(struct sockaddr_in6));
-#endif
-#else
-#if defined(NETWARE_CLIB) && defined(NETWARE_BSDSOCK)
- ret=sendto(b->num, (char *)in, inl, 0, (const struct sockaddr *)&data->peer, sizeof(struct sockaddr_in));
-#else
- ret=sendto(b->num, in, inl, 0, (const struct sockaddr *)&data->peer, sizeof(struct sockaddr_in));
-#endif
+ ret=sendto(b->num, in, inl, 0, &data->peer.sa, sizeof(data->peer));
#endif
BIO_clear_retry_flags(b);
@@ -428,11 +425,20 @@ static long dgram_ctrl(BIO *b, int cmd,
else
{
#endif
+ switch (to->sa_family)
+ {
+ case AF_INET:
+ memcpy(&data->peer,to,sizeof(data->peer.sa_in));
+ break;
#if OPENSSL_USE_IPV6
- memcpy(&(data->peer),to, sizeof(struct sockaddr_storage));
-#else
- memcpy(&(data->peer),to, sizeof(struct sockaddr_in));
-#endif
+ case AF_INET6:
+ memcpy(&data->peer,to,sizeof(data->peer.sa_in6));
+ break;
+#endif
+ default:
+ memcpy(&data->peer,to,sizeof(data->peer.sa));
+ break;
+ }
#if 0
}
#endif
@@ -537,41 +543,60 @@ static long dgram_ctrl(BIO *b, int cmd,
if ( to != NULL)
{
data->connected = 1;
+ switch (to->sa_family)
+ {
+ case AF_INET:
+ memcpy(&data->peer,to,sizeof(data->peer.sa_in));
+ break;
#if OPENSSL_USE_IPV6
- memcpy(&(data->peer),to, sizeof(struct sockaddr_storage));
-#else
- memcpy(&(data->peer),to, sizeof(struct sockaddr_in));
-#endif
+ case AF_INET6:
+ memcpy(&data->peer,to,sizeof(data->peer.sa_in6));
+ break;
+#endif
+ default:
+ memcpy(&data->peer,to,sizeof(data->peer.sa));
+ break;
+ }
}
else
{
data->connected = 0;
-#if OPENSSL_USE_IPV6
- memset(&(data->peer), 0x00, sizeof(struct sockaddr_storage));
-#else
- memset(&(data->peer), 0x00, sizeof(struct sockaddr_in));
-#endif
+ memset(&(data->peer), 0x00, sizeof(data->peer));
}
break;
case BIO_CTRL_DGRAM_GET_PEER:
to = (struct sockaddr *) ptr;
-
+ switch (to->sa_family)
+ {
+ case AF_INET:
+ memcpy(to,&data->peer,(ret=sizeof(data->peer.sa_in)));
+ break;
#if OPENSSL_USE_IPV6
- memcpy(to, &(data->peer), sizeof(struct sockaddr_storage));
- ret = sizeof(struct sockaddr_storage);
-#else
- memcpy(to, &(data->peer), sizeof(struct sockaddr_in));
- ret = sizeof(struct sockaddr_in);
-#endif
+ case AF_INET6:
+ memcpy(to,&data->peer,(ret=sizeof(data->peer.sa_in6)));
+ break;
+#endif
+ default:
+ memcpy(to,&data->peer,(ret=sizeof(data->peer.sa)));
+ break;
+ }
break;
case BIO_CTRL_DGRAM_SET_PEER:
to = (struct sockaddr *) ptr;
-
+ switch (to->sa_family)
+ {
+ case AF_INET:
+ memcpy(&data->peer,to,sizeof(data->peer.sa_in));
+ break;
#if OPENSSL_USE_IPV6
- memcpy(&(data->peer), to, sizeof(struct sockaddr_storage));
-#else
- memcpy(&(data->peer), to, sizeof(struct sockaddr_in));
-#endif
+ case AF_INET6:
+ memcpy(&data->peer,to,sizeof(data->peer.sa_in6));
+ break;
+#endif
+ default:
+ memcpy(&data->peer,to,sizeof(data->peer.sa));
+ break;
+ }
break;
case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT:
memcpy(&(data->next_timeout), ptr, sizeof(struct timeval));

File diff suppressed because it is too large Load Diff

View File

@ -23,7 +23,7 @@
Summary: A general purpose cryptography library with TLS implementation
Name: openssl
Version: 1.0.0
Release: 0.15.%{beta}%{?dist}
Release: 0.16.%{beta}%{?dist}
# We remove certain patented algorithms from the openssl source tarball
# with the hobble-openssl script which is included below.
Source: openssl-%{version}-%{beta}-usa.tar.bz2
@ -67,6 +67,7 @@ Patch60: openssl-1.0.0-beta4-reneg.patch
Patch61: openssl-1.0.0-beta4-client-reneg.patch
Patch62: openssl-1.0.0-beta4-backports.patch
Patch63: openssl-1.0.0-beta4-reneg-err.patch
Patch64: openssl-1.0.0-beta4-dtls-ipv6.patch
License: OpenSSL
Group: System Environment/Libraries
@ -150,6 +151,7 @@ from other formats to the formats used by the OpenSSL toolkit.
%patch61 -p1 -b .client-reneg
%patch62 -p1 -b .backports
%patch63 -p1 -b .reneg-err
%patch64 -p1 -b .dtls-ipv6
# Modify the various perl scripts to reference perl in the right location.
perl util/perlpath.pl `dirname %{__perl}`
@ -398,6 +400,10 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
%postun -p /sbin/ldconfig
%changelog
* Mon Nov 23 2009 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.16.beta4
- fix non-fips mingw build (patch by Kalev Lember)
- add IPV6 fix for DTLS
* Fri Nov 20 2009 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.15.beta4
- add better error reporting for the unsafe renegotiation