DISCONTINUED:openSUSE:11.1:Update
compat-openssl097g
openssl-CVE-2009-3555.patch
File openssl-CVE-2009-3555.patch of Package compat-openssl097g
Index: openssl-0.9.7g/ssl/s3_pkt.c
===================================================================
--- openssl-0.9.7g.orig/ssl/s3_pkt.c
+++ openssl-0.9.7g/ssl/s3_pkt.c
@@ -977,6 +977,7 @@ start:
 
 if (SSL_is_init_finished(s) &&
 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
+ (s->s3->flags & SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) &&
 !s->s3->renegotiate)
 {
 ssl3_renegotiate(s);
@@ -1109,7 +1110,8 @@ start:
 if ((s->s3->handshake_fragment_len >= 4) && !s->in_handshake)
 {
 if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
- !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS))
+ !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
+ (s->s3->flags & SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
 {
 #if 0 /* worked only because C operator preferences are not as expected (and
 * because this is not really needed for clients except for detecting
Index: openssl-0.9.7g/ssl/s3_srvr.c
===================================================================
--- openssl-0.9.7g.orig/ssl/s3_srvr.c
+++ openssl-0.9.7g/ssl/s3_srvr.c
@@ -654,6 +654,14 @@ static int ssl3_get_client_hello(SSL *s)
 SSL_COMP *comp=NULL;
 STACK_OF(SSL_CIPHER) *ciphers=NULL;
 
+ if (s->new_session
+ && !(s->s3->flags&SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
+ {
+ al=SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
+ goto f_err;
+ }
+
 /* We do this so that we will respond with our native type.
 * If we are TLSv1 and we get SSLv3, we will respond with TLSv1,
 * This down switching should be handled by a different method.
Index: openssl-0.9.7g/ssl/ssl.h
===================================================================
--- openssl-0.9.7g.orig/ssl/ssl.h
+++ openssl-0.9.7g/ssl/ssl.h
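Review bot: The new positive test on `SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION` sits between two negated conditions in the first s3_pkt.c hunk under `start:` and closes the condition in the second, with no comment saying why it is there, so a later cleanup could read it as redundant. I would add a comment above each `if`, for example `/* CVE-2009-3555: refuse peer-initiated renegotiation unless the legacy flag was set explicitly */`. What happens to the pending HelloRequest or handshake fragment once the condition is false lies outside both hunks, so it is worth confirming that the refusal path ends in a defined drop or alert rather than an accidental fallthrough.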
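Review bot: The refusal branch added at the top of `ssl3_get_client_hello` records `ERR_R_INTERNAL_ERROR`, although this same patch defines `SSL_R_NO_RENEGOTIATION` with the string "no renegotiation" and no hunk on this page uses it. A blocked renegotiation attempt then appears in the error queue as an internal fault, which hides the one event an operator would want to count and alert on. I would change the line to `SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_NO_RENEGOTIATION);`. The check also relies on `s->new_session` being non-zero only during renegotiation, which cannot be confirmed from this hunk because the function body continues outside it.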
@@ -1739,6 +1739,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190
 #define SSL_R_NO_PROTOCOLS_AVAILABLE 191
 #define SSL_R_NO_PUBLICKEY 192
+#define SSL_R_NO_RENEGOTIATION 318
 #define SSL_R_NO_SHARED_CIPHER 193
 #define SSL_R_NO_VERIFY_CALLBACK 194
 #define SSL_R_NULL_SSL_CTX 195
Index: openssl-0.9.7g/ssl/ssl3.h
===================================================================
--- openssl-0.9.7g.orig/ssl/ssl3.h
+++ openssl-0.9.7g/ssl/ssl3.h
@@ -309,10 +309,11 @@ typedef struct ssl3_buffer_st
 #define SSL3_CT_FORTEZZA_DMS 20
 #define SSL3_CT_NUMBER 7
 
-#define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001
-#define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002
-#define SSL3_FLAGS_POP_BUFFER 0x0004
-#define TLS1_FLAGS_TLS_PADDING_BUG 0x0008
+#define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001
+#define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002
+#define SSL3_FLAGS_POP_BUFFER 0x0004
+#define TLS1_FLAGS_TLS_PADDING_BUG 0x0008
+#define SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x0010
 
 typedef struct ssl3_state_st
 {
Index: openssl-0.9.7g/ssl/ssl_err.c
===================================================================
--- openssl-0.9.7g.orig/ssl/ssl_err.c
+++ openssl-0.9.7g/ssl/ssl_err.c
@@ -330,6 +330,7 @@ static ERR_STRING_DATA SSL_str_reasons[]
 {SSL_R_NO_PRIVATE_KEY_ASSIGNED ,"no private key assigned"},
 {SSL_R_NO_PROTOCOLS_AVAILABLE ,"no protocols available"},
 {SSL_R_NO_PUBLICKEY ,"no publickey"},
+{SSL_R_NO_RENEGOTIATION ,"no renegotiation"},
 {SSL_R_NO_SHARED_CIPHER ,"no shared cipher"},
 {SSL_R_NO_VERIFY_CALLBACK ,"no verify callback"},
 {SSL_R_NULL_SSL_CTX ,"null ssl ctx"},
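Review bot: `SSL_R_NO_RENEGOTIATION` is given the value 318 while its neighbours in this ssl.h hunk run from 190 to 195, and reason codes have to be unique within the SSL library for error strings to resolve to the right text. The rest of the `SSL_R_*` list is outside the hunk, so please confirm that no other reason in this 0.9.7g tree already uses 318. A trailing comment such as `/* backported for CVE-2009-3555 */` would explain the out-of-sequence number to the next maintainer.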
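Review bot: The new `SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION` define in ssl3.h carries no comment, yet it is the only switch that turns the CVE-2009-3555 protection off again. I would add `/* Setting this re-enables renegotiation without the CVE-2009-3555 protection; leave clear unless a peer requires it */` above it. No hunk on this page adds a setter, so callers would presumably have to write `s->s3->flags` directly, which deserves a line in the package changelog. Re-aligning the four existing defines also makes the hunk look larger than the one-line addition it is.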