Date: Mon, 29 Nov 2010 08:44:32 +0000 (UTC) From: "Simon L. Nielsen" <simon@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-7@freebsd.org Subject: svn commit: r216046 - in stable/7/crypto/openssl: crypto/engine ssl Message-ID: <201011290844.oAT8iWET016382@svn.freebsd.org>
Author: simon Date: Mon Nov 29 08:44:32 2010 New Revision: 216046 URL: http://svn.freebsd.org/changeset/base/216046 Log: Revert some FreeBSD specific changes (mainly made to fix various security issues), and bring us back to using vendor versions of the files. This was already done on head and stable/8. Modified: stable/7/crypto/openssl/crypto/engine/eng_cryptodev.c stable/7/crypto/openssl/ssl/s3_lib.c stable/7/crypto/openssl/ssl/s3_pkt.c stable/7/crypto/openssl/ssl/s3_srvr.c
Modified: stable/7/crypto/openssl/crypto/engine/eng_cryptodev.c
==============================================================================
--- stable/7/crypto/openssl/crypto/engine/eng_cryptodev.c Mon Nov 29 08:17:44 2010 (r216045)
+++ stable/7/crypto/openssl/crypto/engine/eng_cryptodev.c Mon Nov 29 08:44:32 2010 (r216046)
@@ -25,7 +25,6 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * */ -/* $FreeBSD$ */ #include <openssl/objects.h> #include <openssl/engine.h>
Modified: stable/7/crypto/openssl/ssl/s3_lib.c
==============================================================================
--- stable/7/crypto/openssl/ssl/s3_lib.c Mon Nov 29 08:17:44 2010 (r216045)
+++ stable/7/crypto/openssl/ssl/s3_lib.c Mon Nov 29 08:44:32 2010 (r216046)
@@ -2607,9 +2607,6 @@ int ssl3_renegotiate(SSL *s) if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) return(0); - if (1) - return(0); - s->s3->renegotiate=1; return(1); }
Modified: stable/7/crypto/openssl/ssl/s3_pkt.c
==============================================================================
--- stable/7/crypto/openssl/ssl/s3_pkt.c Mon Nov 29 08:17:44 2010 (r216045)
+++ stable/7/crypto/openssl/ssl/s3_pkt.c Mon Nov 29 08:44:32 2010 (r216046)
@@ -992,7 +992,9 @@ start: if (s->msg_callback) s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->s3->handshake_fragment, 4, s, s->msg_callback_arg); - if (0) + if (SSL_is_init_finished(s) && + !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && + !s->s3->renegotiate) { ssl3_renegotiate(s); if (ssl3_renegotiate_check(s))
@@ -1156,7 +1158,8 @@ start: /* Unexpected handshake message (Client Hello, or protocol violation) */ if ((s->s3->handshake_fragment_len >= 4) && !s->in_handshake) { - if (0) + if (((s->state&SSL_ST_MASK) == SSL_ST_OK) && + !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) { #if 0 /* worked only because C operator preferences are not as expected (and * because this is not really needed for clients except for detecting
Modified: stable/7/crypto/openssl/ssl/s3_srvr.c
==============================================================================
--- stable/7/crypto/openssl/ssl/s3_srvr.c Mon Nov 29 08:17:44 2010 (r216045)
+++ stable/7/crypto/openssl/ssl/s3_srvr.c Mon Nov 29 08:44:32 2010 (r216046)
@@ -738,13 +738,6 @@ int ssl3_get_client_hello(SSL *s) #endif STACK_OF(SSL_CIPHER) *ciphers=NULL; - if (s->new_session) - { - al=SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); - goto f_err; - } - /* We do this so that we will respond with our native type. * If we are TLSv1 and we get SSLv3, we will respond with TLSv1, * This down switching should be handled by a different method.
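Review bot: Renegotiation becomes reachable again without any visible secure-renegotiation check: in s3_pkt.c the conditions added at `@@ -992` and `@@ -1156` gate it only on handshake state and `SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS`, where the local code had `if (0)`. The other removals point the same way, namely `if (1) return(0);` in `ssl3_renegotiate()` and the `s->new_session` rejection in `ssl3_get_client_hello()`, so this commit appears to drop every local block on renegotiation. That is only safe if the vendor sources on this branch already carry their own renegotiation fix, which cannot be confirmed from the diff. The log should name the workarounds being reverted and why they are no longer needed, for example `The local renegotiation-disable workaround is superseded by the vendor fix in OpenSSL <version>`, and a handshake test that attempts a mid-session renegotiation against a stable/7 build would confirm the resulting behaviour. Both s3_pkt.c hunks sit inside a function whose start and end are outside the diff.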