diff options
Diffstat (limited to 'openssl/ssl')
-rw-r--r-- | openssl/ssl/d1_enc.c | 6 | ||||
-rw-r--r-- | openssl/ssl/d1_pkt.c | 3 | ||||
-rw-r--r-- | openssl/ssl/install.com | 2 | ||||
-rw-r--r-- | openssl/ssl/s2_srvr.c | 5 | ||||
-rw-r--r-- | openssl/ssl/ssl-lib.com | 67 | ||||
-rw-r--r-- | openssl/ssl/t1_lib.c | 8 |
6 files changed, 77 insertions, 14 deletions
diff --git a/openssl/ssl/d1_enc.c b/openssl/ssl/d1_enc.c index 8fa57347a..becbab91c 100644 --- a/openssl/ssl/d1_enc.c +++ b/openssl/ssl/d1_enc.c @@ -231,11 +231,7 @@ int dtls1_enc(SSL *s, int send) if (!send) { if (l == 0 || l%bs != 0) - { - SSLerr(SSL_F_DTLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); - ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED); - return 0; - } + return -1; } EVP_Cipher(ds,rec->data,rec->input,l); diff --git a/openssl/ssl/d1_pkt.c b/openssl/ssl/d1_pkt.c index 1fd58bf59..c10514222 100644 --- a/openssl/ssl/d1_pkt.c +++ b/openssl/ssl/d1_pkt.c @@ -414,7 +414,8 @@ dtls1_process_record(SSL *s) goto err; /* otherwise enc_err == -1 */ - goto err; + al=SSL_AD_BAD_RECORD_MAC; + goto f_err; } #ifdef TLS_DEBUG diff --git a/openssl/ssl/install.com b/openssl/ssl/install.com index 7f5606759..fe1d7268e 100644 --- a/openssl/ssl/install.com +++ b/openssl/ssl/install.com @@ -43,7 +43,7 @@ $ IF F$PARSE("WRK_SSLXEXE:") .EQS. "" THEN - $ $ EXHEADER := ssl.h,ssl2.h,ssl3.h,ssl23.h,tls1.h,dtls1.h,kssl.h $ E_EXE := ssl_task -$ LIBS := LIBSSL +$ LIBS := LIBSSL,LIBSSL32 $ $ XEXE_DIR := [-.'ARCH'.EXE.SSL] $ diff --git a/openssl/ssl/s2_srvr.c b/openssl/ssl/s2_srvr.c index 947167687..bc885e8e7 100644 --- a/openssl/ssl/s2_srvr.c +++ b/openssl/ssl/s2_srvr.c @@ -403,13 +403,14 @@ static int get_client_master_key(SSL *s) p+=3; n2s(p,i); s->s2->tmp.clear=i; n2s(p,i); s->s2->tmp.enc=i; - n2s(p,i); s->session->key_arg_length=i; - if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH) + n2s(p,i); + if(i > SSL_MAX_KEY_ARG_LENGTH) { ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_KEY_ARG_TOO_LONG); return -1; } + s->session->key_arg_length=i; s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B; } diff --git a/openssl/ssl/ssl-lib.com b/openssl/ssl/ssl-lib.com index c5ca9e1df..35bdd34de 100644 --- a/openssl/ssl/ssl-lib.com +++ b/openssl/ssl/ssl-lib.com @@ -42,6 +42,13 @@ $! SOCKETSHR for SOCKETSHR+NETLIB $! $! P5, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up) $! +$! For 64 bit architectures (Alpha and IA64), specify the pointer size as P6. +$! For 32 bit architectures (VAX), P6 is ignored. +$! Currently supported values are: +$! +$! 32 To ge a library compiled with /POINTER_SIZE=32 +$! 64 To ge a library compiled with /POINTER_SIZE=64 +$! $! $! Define A TCP/IP Library That We Will Need To Link To. $! (That Is, If We Need To Link To One.) @@ -118,11 +125,11 @@ $ ENDIF $! $! Define The Library Name. $! -$ SSL_LIB := 'EXE_DIR'LIBSSL.OLB +$ SSL_LIB := 'EXE_DIR'LIBSSL'LIB32'.OLB $! $! Define The CRYPTO-LIB We Are To Use. $! -$ CRYPTO_LIB := SYS$DISK:[-.'ARCH'.EXE.CRYPTO]LIBCRYPTO.OLB +$ CRYPTO_LIB := SYS$DISK:[-.'ARCH'.EXE.CRYPTO]LIBCRYPTO'LIB32'.OLB $! $! Check To See What We Are To Do. $! @@ -156,7 +163,7 @@ $! Compile The Library. $! $ LIBRARY: $! -$! Check To See If We Already Have A "[.xxx.EXE.SSL]LIBSSL.OLB" Library... +$! Check To See If We Already Have A "[.xxx.EXE.SSL]LIBSSL''LIB32'.OLB" Library... $! $ IF (F$SEARCH(SSL_LIB).EQS."") $ THEN @@ -653,6 +660,58 @@ $! End The P5 Check. $! $ ENDIF $! +$! Check To See If P6 Is Blank. +$! +$ IF (P6.EQS."") +$ THEN +$ POINTER_SIZE = "" +$ ELSE +$! +$! Check is P6 Is Valid +$! +$ IF (P6.EQS."32") +$ THEN +$ POINTER_SIZE = "/POINTER_SIZE=32" +$ IF ARCH .EQS. "VAX" +$ THEN +$ LIB32 = "" +$ ELSE +$ LIB32 = "32" +$ ENDIF +$ ELSE +$ IF (P6.EQS."64") +$ THEN +$ LIB32 = "" +$ IF ARCH .EQS. "VAX" +$ THEN +$ POINTER_SIZE = "/POINTER_SIZE=32" +$ ELSE +$ POINTER_SIZE = "/POINTER_SIZE=64" +$ ENDIF +$ ELSE +$! +$! Tell The User Entered An Invalid Option.. +$! +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT "The Option ",P6," Is Invalid. The Valid Options Are:" +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT " 32 : Compile with 32 bit pointer size" +$ WRITE SYS$OUTPUT " 64 : Compile with 64 bit pointer size" +$ WRITE SYS$OUTPUT "" +$! +$! Time To EXIT. +$! +$ GOTO TIDY +$! +$! End The Valid Arguement Check. +$! +$ ENDIF +$ ENDIF +$! +$! End The P6 Check. +$! +$ ENDIF +$! $! Check To See If P3 Is Blank. $! $ IF (P3.EQS."") @@ -780,7 +839,7 @@ $! $ CC = "CC" $ IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" - THEN CC = "CC/DECC" -$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + - +$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89''POINTER_SIZE'" + - "/NOLIST/PREFIX=ALL" + - "/INCLUDE=(SYS$DISK:[-.CRYPTO],SYS$DISK:[-])" + CCEXTRAFLAGS $! diff --git a/openssl/ssl/t1_lib.c b/openssl/ssl/t1_lib.c index 5cdd7e572..85371c87b 100644 --- a/openssl/ssl/t1_lib.c +++ b/openssl/ssl/t1_lib.c @@ -917,6 +917,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in } n2s(data, idsize); dsize -= 2 + idsize; + size -= 2 + idsize; if (dsize < 0) { *al = SSL_AD_DECODE_ERROR; @@ -955,9 +956,14 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in } /* Read in request_extensions */ + if (size < 2) + { + *al = SSL_AD_DECODE_ERROR; + return 0; + } n2s(data,dsize); size -= 2; - if (dsize > size) + if (dsize != size) { *al = SSL_AD_DECODE_ERROR; return 0; |