subject:"Fix for openssl bug #2240"

Re: Fix for openssl bug #2240

2011-09-23 Thread viq

I was told the diff got mangled, so here's another attempt.
--
viq

Index: t1_lib.c
===
RCS file: /cvs/src/lib/libssl/src/ssl/t1_lib.c,v
retrieving revision 1.8
diff -u -d -r1.8 t1_lib.c
--- t1_lib.c10 Feb 2011 22:40:27 -  1.8
+++ t1_lib.c23 Sep 2011 19:38:13 -
@@ -1453,23 +1453,20 @@
int al = SSL_AD_UNRECOGNIZED_NAME;

 #ifndef OPENSSL_NO_EC
-   /* If we are client and using an elliptic curve cryptography cipher 
suite,
then server
-* must return a an EC point formats lists containing uncompressed.
+   /* If we are client and using an elliptic curve cryptography cipher
+* suite, then if server returns an EC point formats lists extension
+* it must contain uncompressed.
 */
unsigned long alg_k = s-s3-tmp.new_cipher-algorithm_mkey;
unsigned long alg_a = s-s3-tmp.new_cipher-algorithm_auth;
if ((s-tlsext_ecpointformatlist != NULL) 
(s-tlsext_ecpointformatlist_length  0) 
+   (s-session-tlsext_ecpointformatlist != NULL) 
(s-session-tlsext_ecpointformatlist_length  0) 
((alg_k  (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a  
SSL_aECDSA)))
{
/* we are using an ECC cipher */
size_t i;
unsigned char *list;
int found_uncompressed = 0;
-   if ((s-session-tlsext_ecpointformatlist == NULL) ||
(s-session-tlsext_ecpointformatlist_length == 0))
-   {
-
SSLerr(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT,SSL_R_TLS_INVALID_ECPOINTFORMAT_LIS
T);
-   return -1;
-   }
list = s-session-tlsext_ecpointformatlist;
for (i = 0; i  s-session-tlsext_ecpointformatlist_length; 
i++)
{

[demime 1.01d removed an attachment of type application/pgp-signature]

Re: Fix for openssl bug #2240

2011-09-23 Thread viq

Argh, maybe this time...
--
viq

Index: t1_lib.c
===
RCS file: /cvs/src/lib/libssl/src/ssl/t1_lib.c,v
retrieving revision 1.8
diff -u -d -r1.8 t1_lib.c
--- t1_lib.c10 Feb 2011 22:40:27 -  1.8
+++ t1_lib.c23 Sep 2011 19:38:13 -
@@ -1453,23 +1453,20 @@
int al = SSL_AD_UNRECOGNIZED_NAME;

 #ifndef OPENSSL_NO_EC
-   /* If we are client and using an elliptic curve cryptography cipher 
suite,
then server
-* must return a an EC point formats lists containing uncompressed.
+   /* If we are client and using an elliptic curve cryptography cipher
+* suite, then if server returns an EC point formats lists extension
+* it must contain uncompressed.
 */
unsigned long alg_k = s-s3-tmp.new_cipher-algorithm_mkey;
unsigned long alg_a = s-s3-tmp.new_cipher-algorithm_auth;
if ((s-tlsext_ecpointformatlist != NULL) 
(s-tlsext_ecpointformatlist_length  0) 
+   (s-session-tlsext_ecpointformatlist != NULL) 
(s-session-tlsext_ecpointformatlist_length  0) 
((alg_k  (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a  
SSL_aECDSA)))
{
/* we are using an ECC cipher */
size_t i;
unsigned char *list;
int found_uncompressed = 0;
-   if ((s-session-tlsext_ecpointformatlist == NULL) ||
(s-session-tlsext_ecpointformatlist_length == 0))
-   {
-
SSLerr(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT,SSL_R_TLS_INVALID_ECPOINTFORMAT_LIS
T);
-   return -1;
-   }
list = s-session-tlsext_ecpointformatlist;
for (i = 0; i  s-session-tlsext_ecpointformatlist_length; 
i++)
{

[demime 1.01d removed an attachment of type application/pgp-signature]

Re: Fix for openssl bug #2240

2011-09-23 Thread viq

Apologies, if it doesn't work this last time I give up...
-- 
viq


Index: t1_lib.c
===
RCS file: /cvs/src/lib/libssl/src/ssl/t1_lib.c,v
retrieving revision 1.8
diff -u -d -r1.8 t1_lib.c
--- t1_lib.c10 Feb 2011 22:40:27 -  1.8
+++ t1_lib.c23 Sep 2011 19:38:13 -
@@ -1453,23 +1453,20 @@
int al = SSL_AD_UNRECOGNIZED_NAME;
 
 #ifndef OPENSSL_NO_EC
-   /* If we are client and using an elliptic curve cryptography cipher 
suite, then server
-* must return a an EC point formats lists containing uncompressed.
+   /* If we are client and using an elliptic curve cryptography cipher
+* suite, then if server returns an EC point formats lists extension
+* it must contain uncompressed.
 */
unsigned long alg_k = s-s3-tmp.new_cipher-algorithm_mkey;
unsigned long alg_a = s-s3-tmp.new_cipher-algorithm_auth;
if ((s-tlsext_ecpointformatlist != NULL)  
(s-tlsext_ecpointformatlist_length  0)  
+   (s-session-tlsext_ecpointformatlist != NULL)  
(s-session-tlsext_ecpointformatlist_length  0)  
((alg_k  (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a  
SSL_aECDSA)))
{
/* we are using an ECC cipher */
size_t i;
unsigned char *list;
int found_uncompressed = 0;
-   if ((s-session-tlsext_ecpointformatlist == NULL) || 
(s-session-tlsext_ecpointformatlist_length == 0))
-   {
-   
SSLerr(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT,SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST);
-   return -1;
-   }
list = s-session-tlsext_ecpointformatlist;
for (i = 0; i  s-session-tlsext_ecpointformatlist_length; 
i++)
{

Fix for openssl bug #2240

2011-09-17 Thread viq

http://rt.openssl.org/Ticket/Display.html?id=2240user=guestpass=guest

This affects us, I noticed when I had problems connecting with gajim to
a certain server using TLS. Below patch lifted from openssl CVS fixes
this.

On a different note, we still have openssl 1.0.0a when OpenSSL 1.0.0e
is now available, including important bug and security fixes.
-- 
viq

Index: src/ssl/t1_lib.c
===
RCS file: /cvs/src/lib/libssl/src/ssl/t1_lib.c,v
retrieving revision 1.8
diff -u -d -r1.8 t1_lib.c
--- src/ssl/t1_lib.c10 Feb 2011 22:40:27 -  1.8
+++ src/ssl/t1_lib.c17 Sep 2011 20:57:50 -
@@ -1453,23 +1453,20 @@
int al = SSL_AD_UNRECOGNIZED_NAME;
 
 #ifndef OPENSSL_NO_EC
-   /* If we are client and using an elliptic curve cryptography cipher 
suite, then server
-* must return a an EC point formats lists containing uncompressed.
+   /* If we are client and using an elliptic curve cryptography cipher
+* suite, then if server returns an EC point formats lists extension
+* it must contain uncompressed.
 */
unsigned long alg_k = s-s3-tmp.new_cipher-algorithm_mkey;
unsigned long alg_a = s-s3-tmp.new_cipher-algorithm_auth;
if ((s-tlsext_ecpointformatlist != NULL)  
(s-tlsext_ecpointformatlist_length  0)  
+   (s-session-tlsext_ecpointformatlist != NULL)  
(s-session-tlsext_ecpointformatlist_length  0)  
((alg_k  (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a  
SSL_aECDSA)))
{
/* we are using an ECC cipher */
size_t i;
unsigned char *list;
int found_uncompressed = 0;
-   if ((s-session-tlsext_ecpointformatlist == NULL) || 
(s-session-tlsext_ecpointformatlist_length == 0))
-   {
-   
SSLerr(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT,SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST);
-   return -1;
-   }
list = s-session-tlsext_ecpointformatlist;
for (i = 0; i  s-session-tlsext_ecpointformatlist_length; 
i++)
{

Re: Fix for openssl bug #2240

Re: Fix for openssl bug #2240

Re: Fix for openssl bug #2240

Fix for openssl bug #2240

4 matches

Site Navigation

Mail list logo

Footer information