CHANGES +8 −0 @@ -884,6 +884,14 @@ Changes between 0.9.8l (?) and 0.9.8m (?) [xx XXX xxxx] *) The code that handled flusing of data in SSL/TLS originally used the BIO_CTRL_INFO ctrl to see if any data was pending first. This caused the problem outlined in PR#1949. The fix suggested there however can trigger problems with buggy BIO_CTRL_WPENDING (e.g. some versions of Apache). So instead simplify the code to flush unconditionally. This should be fine since flushing with no data to flush is a no op. [Steve Henson] *) Handle TLS versions 2.0 and later properly and correctly use the highest version of TLS/SSL supported. Although TLS >= 2.0 is some way off ancient servers have a habit of sticking around for a while... ssl/d1_clnt.c +5 −9 @@ -148,7 +148,6 @@ int dtls1_connect(SSL *s) { BUF_MEM *buf=NULL; unsigned long Time=(unsigned long)time(NULL); long num1; void (*cb)(const SSL *ssl,int type,int val)=NULL; int ret= -1; int new_state,state,skip=0;; @@ -511,16 +510,13 @@ int dtls1_connect(SSL *s) break; case SSL3_ST_CW_FLUSH: /* number of bytes to be flushed */ num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL); if (num1 > 0) { s->rwstate=SSL_WRITING; num1=BIO_flush(s->wbio); if (num1 <= 0) { ret= -1; goto end; } s->rwstate=SSL_NOTHING; if (BIO_flush(s->wbio) <= 0) { ret= -1; goto end; } s->rwstate=SSL_NOTHING; s->state=s->s3->tmp.next_state; break; ssl/d1_srvr.c +6 −10 @@ -147,7 +147,6 @@ int dtls1_accept(SSL *s) BUF_MEM *buf; unsigned long Time=(unsigned long)time(NULL); void (*cb)(const SSL *ssl,int type,int val)=NULL; long num1; unsigned long alg_k; int ret= -1; int new_state,state,skip=0;
@@ -453,17 +452,14 @@ int dtls1_accept(SSL *s) s->init_num=0; break; case SSL3_ST_SW_FLUSH: /* number of bytes to be flushed */ num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL); if (num1 > 0) { case SSL3_ST_CW_FLUSH: s->rwstate=SSL_WRITING; num1=BIO_flush(s->wbio); if (num1 <= 0) { ret= -1; goto end; } s->rwstate=SSL_NOTHING; if (BIO_flush(s->wbio) <= 0) { ret= -1; goto end; } s->rwstate=SSL_NOTHING; s->state=s->s3->tmp.next_state; break; ssl/s3_clnt.c +5 −9 @@ -184,7 +184,6 @@ int ssl3_connect(SSL *s) { BUF_MEM *buf=NULL; unsigned long Time=(unsigned long)time(NULL); long num1; void (*cb)(const SSL *ssl,int type,int val)=NULL; int ret= -1; int new_state,state,skip=0; @@ -520,16 +519,13 @@ int ssl3_connect(SSL *s) break; case SSL3_ST_CW_FLUSH: /* number of bytes to be flushed */ num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL); if (num1 > 0) { s->rwstate=SSL_WRITING; num1=BIO_flush(s->wbio); if (num1 <= 0) { ret= -1; goto end; } s->rwstate=SSL_NOTHING; if (BIO_flush(s->wbio) <= 0) { ret= -1; goto end; } s->rwstate=SSL_NOTHING; s->state=s->s3->tmp.next_state; break; ssl/s3_pkt.c +2 −2 @@ -330,7 +330,7 @@ again: #if 0 fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length); #endif fprintf(stderr, "RX version %x, Expecting %x\n", version, s->version); /* Lets check version */ if (!s->first_packet) { @@ -736,7 +736,7 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, *(p++)=(s->version>>8); *(p++)=s->version&0xff; fprintf(stderr, "Wrote version %x\n", s->version); /* field where we are to write out packet length */ plen=p; p+=2;
CHANGES +8 −0 @@ -884,6 +884,14 @@ Changes between 0.9.8l (?) and 0.9.8m (?) [xx XXX xxxx] *) The code that handled flusing of data in SSL/TLS originally used the BIO_CTRL_INFO ctrl to see if any data was pending first. This caused the problem outlined in PR#1949. The fix suggested there however can trigger problems with buggy BIO_CTRL_WPENDING (e.g. some versions of Apache). So instead simplify the code to flush unconditionally. This should be fine since flushing with no data to flush is a no op. [Steve Henson] *) Handle TLS versions 2.0 and later properly and correctly use the highest version of TLS/SSL supported. Although TLS >= 2.0 is some way off ancient servers have a habit of sticking around for a while...
ssl/d1_clnt.c +5 −9 @@ -148,7 +148,6 @@ int dtls1_connect(SSL *s) { BUF_MEM *buf=NULL; unsigned long Time=(unsigned long)time(NULL); long num1; void (*cb)(const SSL *ssl,int type,int val)=NULL; int ret= -1; int new_state,state,skip=0;; @@ -511,16 +510,13 @@ int dtls1_connect(SSL *s) break; case SSL3_ST_CW_FLUSH: /* number of bytes to be flushed */ num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL); if (num1 > 0) { s->rwstate=SSL_WRITING; num1=BIO_flush(s->wbio); if (num1 <= 0) { ret= -1; goto end; } s->rwstate=SSL_NOTHING; if (BIO_flush(s->wbio) <= 0) { ret= -1; goto end; } s->rwstate=SSL_NOTHING; s->state=s->s3->tmp.next_state; break;
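Review bot: The rewritten `case SSL3_ST_CW_FLUSH:` arm in dtls1_connect loses the old `/* number of bytes to be flushed */` comment and has nothing in its place explaining why the flush is now unconditional; the same applies to the flush arms in ssl/d1_srvr.c and ssl/s3_clnt.c. The reasoning lives only in CHANGES, so a later reader may be tempted to restore a pending-bytes check. I would add above `s->rwstate=SSL_WRITING;` a comment such as `/* Flush unconditionally: pending-byte ctrls are unreliable on some BIOs (PR#1949); flushing nothing is a no-op. */`. It would also help to note that on `BIO_flush(s->wbio) <= 0` the arm exits with `rwstate` still `SSL_WRITING`, which looks intended so the caller can retry. The body of dtls1_connect continues outside both hunks.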
ssl/d1_srvr.c +6 −10 @@ -147,7 +147,6 @@ int dtls1_accept(SSL *s) BUF_MEM *buf; unsigned long Time=(unsigned long)time(NULL); void (*cb)(const SSL *ssl,int type,int val)=NULL; long num1; unsigned long alg_k; int ret= -1; int new_state,state,skip=0; @@ -453,17 +452,14 @@ int dtls1_accept(SSL *s) s->init_num=0; break; case SSL3_ST_SW_FLUSH: /* number of bytes to be flushed */ num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL); if (num1 > 0) { case SSL3_ST_CW_FLUSH: s->rwstate=SSL_WRITING; num1=BIO_flush(s->wbio); if (num1 <= 0) { ret= -1; goto end; } s->rwstate=SSL_NOTHING; if (BIO_flush(s->wbio) <= 0) { ret= -1; goto end; } s->rwstate=SSL_NOTHING; s->state=s->s3->tmp.next_state; break;
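Review bot: A `case SSL3_ST_CW_FLUSH:` label shows up inside the `SSL3_ST_SW_FLUSH` arm of dtls1_accept, just before `s->rwstate=SSL_WRITING;`, and it names a client-side state that does not belong in the server switch. The page has lost its +/- markers, so this is inferred from the +6 count (one more addition than the client files); if the line is on the new side it looks like a paste from the client file. With the label present, a server whose `s->state` held that value would flush and advance to `next_state` instead of reaching whatever handling the switch has for unexpected states, which is not visible in this hunk. I would delete the line so the arm reads `case SSL3_ST_SW_FLUSH:` followed directly by `s->rwstate=SSL_WRITING;`.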
ssl/s3_clnt.c +5 −9 @@ -184,7 +184,6 @@ int ssl3_connect(SSL *s) { BUF_MEM *buf=NULL; unsigned long Time=(unsigned long)time(NULL); long num1; void (*cb)(const SSL *ssl,int type,int val)=NULL; int ret= -1; int new_state,state,skip=0; @@ -520,16 +519,13 @@ int ssl3_connect(SSL *s) break; case SSL3_ST_CW_FLUSH: /* number of bytes to be flushed */ num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL); if (num1 > 0) { s->rwstate=SSL_WRITING; num1=BIO_flush(s->wbio); if (num1 <= 0) { ret= -1; goto end; } s->rwstate=SSL_NOTHING; if (BIO_flush(s->wbio) <= 0) { ret= -1; goto end; } s->rwstate=SSL_NOTHING; s->state=s->s3->tmp.next_state; break;
ssl/s3_pkt.c +2 −2 @@ -330,7 +330,7 @@ again: #if 0 fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length); #endif fprintf(stderr, "RX version %x, Expecting %x\n", version, s->version); /* Lets check version */ if (!s->first_packet) { @@ -736,7 +736,7 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, *(p++)=(s->version>>8); *(p++)=s->version&0xff; fprintf(stderr, "Wrote version %x\n", s->version); /* field where we are to write out packet length */ plen=p; p+=2;
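Review bot: The two `fprintf(stderr, ...)` calls in this file are unconditional: `"RX version %x, Expecting %x\n"` sits after the `#endif` of the `#if 0` block in the record-read path, and `"Wrote version %x\n"` sits in do_ssl3_write right after the version bytes are written. The +/- markers are lost on this page, but the +2 −2 count and the CHANGES text, which only mentions flushing, suggest these are leftover debugging that came in with the commit. A library that prints on every record can corrupt output for applications whose stderr is a log, pipe or socket, and it exposes protocol version details to whoever reads that stream. I would drop both lines, or move them inside a `#if 0` ... `#endif` guard like the existing `Record type` trace. Both enclosing functions continue outside the hunks.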