aboutsummaryrefslogtreecommitdiff
path: root/openssl/ssl
diff options
context:
space:
mode:
Diffstat (limited to 'openssl/ssl')
-rw-r--r--openssl/ssl/d1_enc.c6
-rw-r--r--openssl/ssl/d1_pkt.c3
-rw-r--r--openssl/ssl/install.com2
-rw-r--r--openssl/ssl/s2_srvr.c5
-rw-r--r--openssl/ssl/ssl-lib.com67
-rw-r--r--openssl/ssl/t1_lib.c8
6 files changed, 77 insertions, 14 deletions
diff --git a/openssl/ssl/d1_enc.c b/openssl/ssl/d1_enc.c
index 8fa57347a..becbab91c 100644
--- a/openssl/ssl/d1_enc.c
+++ b/openssl/ssl/d1_enc.c
@@ -231,11 +231,7 @@ int dtls1_enc(SSL *s, int send)
if (!send)
{
if (l == 0 || l%bs != 0)
- {
- SSLerr(SSL_F_DTLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
- return 0;
- }
+ return -1;
}
EVP_Cipher(ds,rec->data,rec->input,l);
diff --git a/openssl/ssl/d1_pkt.c b/openssl/ssl/d1_pkt.c
index 1fd58bf59..c10514222 100644
--- a/openssl/ssl/d1_pkt.c
+++ b/openssl/ssl/d1_pkt.c
@@ -414,7 +414,8 @@ dtls1_process_record(SSL *s)
goto err;
/* otherwise enc_err == -1 */
- goto err;
+ al=SSL_AD_BAD_RECORD_MAC;
+ goto f_err;
}
#ifdef TLS_DEBUG
diff --git a/openssl/ssl/install.com b/openssl/ssl/install.com
index 7f5606759..fe1d7268e 100644
--- a/openssl/ssl/install.com
+++ b/openssl/ssl/install.com
@@ -43,7 +43,7 @@ $ IF F$PARSE("WRK_SSLXEXE:") .EQS. "" THEN -
$
$ EXHEADER := ssl.h,ssl2.h,ssl3.h,ssl23.h,tls1.h,dtls1.h,kssl.h
$ E_EXE := ssl_task
-$ LIBS := LIBSSL
+$ LIBS := LIBSSL,LIBSSL32
$
$ XEXE_DIR := [-.'ARCH'.EXE.SSL]
$
diff --git a/openssl/ssl/s2_srvr.c b/openssl/ssl/s2_srvr.c
index 947167687..bc885e8e7 100644
--- a/openssl/ssl/s2_srvr.c
+++ b/openssl/ssl/s2_srvr.c
@@ -403,13 +403,14 @@ static int get_client_master_key(SSL *s)
p+=3;
n2s(p,i); s->s2->tmp.clear=i;
n2s(p,i); s->s2->tmp.enc=i;
- n2s(p,i); s->session->key_arg_length=i;
- if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH)
+ n2s(p,i);
+ if(i > SSL_MAX_KEY_ARG_LENGTH)
{
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_KEY_ARG_TOO_LONG);
return -1;
}
+ s->session->key_arg_length=i;
s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B;
}
diff --git a/openssl/ssl/ssl-lib.com b/openssl/ssl/ssl-lib.com
index c5ca9e1df..35bdd34de 100644
--- a/openssl/ssl/ssl-lib.com
+++ b/openssl/ssl/ssl-lib.com
@@ -42,6 +42,13 @@ $! SOCKETSHR for SOCKETSHR+NETLIB
$!
$! P5, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up)
$!
+$! For 64 bit architectures (Alpha and IA64), specify the pointer size as P6.
+$! For 32 bit architectures (VAX), P6 is ignored.
+$! Currently supported values are:
+$!
+$! 32 To ge a library compiled with /POINTER_SIZE=32
+$! 64 To ge a library compiled with /POINTER_SIZE=64
+$!
$!
$! Define A TCP/IP Library That We Will Need To Link To.
$! (That Is, If We Need To Link To One.)
@@ -118,11 +125,11 @@ $ ENDIF
$!
$! Define The Library Name.
$!
-$ SSL_LIB := 'EXE_DIR'LIBSSL.OLB
+$ SSL_LIB := 'EXE_DIR'LIBSSL'LIB32'.OLB
$!
$! Define The CRYPTO-LIB We Are To Use.
$!
-$ CRYPTO_LIB := SYS$DISK:[-.'ARCH'.EXE.CRYPTO]LIBCRYPTO.OLB
+$ CRYPTO_LIB := SYS$DISK:[-.'ARCH'.EXE.CRYPTO]LIBCRYPTO'LIB32'.OLB
$!
$! Check To See What We Are To Do.
$!
@@ -156,7 +163,7 @@ $! Compile The Library.
$!
$ LIBRARY:
$!
-$! Check To See If We Already Have A "[.xxx.EXE.SSL]LIBSSL.OLB" Library...
+$! Check To See If We Already Have A "[.xxx.EXE.SSL]LIBSSL''LIB32'.OLB" Library...
$!
$ IF (F$SEARCH(SSL_LIB).EQS."")
$ THEN
@@ -653,6 +660,58 @@ $! End The P5 Check.
$!
$ ENDIF
$!
+$! Check To See If P6 Is Blank.
+$!
+$ IF (P6.EQS."")
+$ THEN
+$ POINTER_SIZE = ""
+$ ELSE
+$!
+$! Check is P6 Is Valid
+$!
+$ IF (P6.EQS."32")
+$ THEN
+$ POINTER_SIZE = "/POINTER_SIZE=32"
+$ IF ARCH .EQS. "VAX"
+$ THEN
+$ LIB32 = ""
+$ ELSE
+$ LIB32 = "32"
+$ ENDIF
+$ ELSE
+$ IF (P6.EQS."64")
+$ THEN
+$ LIB32 = ""
+$ IF ARCH .EQS. "VAX"
+$ THEN
+$ POINTER_SIZE = "/POINTER_SIZE=32"
+$ ELSE
+$ POINTER_SIZE = "/POINTER_SIZE=64"
+$ ENDIF
+$ ELSE
+$!
+$! Tell The User Entered An Invalid Option..
+$!
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT "The Option ",P6," Is Invalid. The Valid Options Are:"
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT " 32 : Compile with 32 bit pointer size"
+$ WRITE SYS$OUTPUT " 64 : Compile with 64 bit pointer size"
+$ WRITE SYS$OUTPUT ""
+$!
+$! Time To EXIT.
+$!
+$ GOTO TIDY
+$!
+$! End The Valid Arguement Check.
+$!
+$ ENDIF
+$ ENDIF
+$!
+$! End The P6 Check.
+$!
+$ ENDIF
+$!
$! Check To See If P3 Is Blank.
$!
$ IF (P3.EQS."")
@@ -780,7 +839,7 @@ $!
$ CC = "CC"
$ IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
THEN CC = "CC/DECC"
-$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
+$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89''POINTER_SIZE'" + -
"/NOLIST/PREFIX=ALL" + -
"/INCLUDE=(SYS$DISK:[-.CRYPTO],SYS$DISK:[-])" + CCEXTRAFLAGS
$!
diff --git a/openssl/ssl/t1_lib.c b/openssl/ssl/t1_lib.c
index 5cdd7e572..85371c87b 100644
--- a/openssl/ssl/t1_lib.c
+++ b/openssl/ssl/t1_lib.c
@@ -917,6 +917,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
}
n2s(data, idsize);
dsize -= 2 + idsize;
+ size -= 2 + idsize;
if (dsize < 0)
{
*al = SSL_AD_DECODE_ERROR;
@@ -955,9 +956,14 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
}
/* Read in request_extensions */
+ if (size < 2)
+ {
+ *al = SSL_AD_DECODE_ERROR;
+ return 0;
+ }
n2s(data,dsize);
size -= 2;
- if (dsize > size)
+ if (dsize != size)
{
*al = SSL_AD_DECODE_ERROR;
return 0;