~ubuntu-branches/ubuntu/oneiric/openssl/oneiric-security

Viewing changes to ssl/d1_lib.c

Committer: Package Import Robot
Author(s): Steve Beattie
Date: 2011-09-14 22:06:03 UTC
mfrom: (11.1.23 sid)
Revision ID: package-import@ubuntu.com-20110914220603-tsuxw8z3kt4lx9oc

Tags: 1.0.0e-2ubuntu1

* Resynchronise with Debian, fixes CVE-2011-1945, CVE-2011-3207 and
  CVE-2011-3210 (LP: #850608). Remaining changes:
  - debian/libssl1.0.0.postinst:
    + Display a system restart required notification bubble on libssl1.0.0
      upgrade.
    + Use a different priority for libssl1.0.0/restart-services depending
      on whether a desktop, or server dist-upgrade is being performed.
  - debian/{libssl1.0.0-udeb.dirs, control, rules}: Create
    libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package
    in Debian).
  - debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files,
    rules}: Move runtime libraries to /lib, for the benefit of
    wpasupplicant.
  - debian/patches/aesni.patch: Backport Intel AES-NI support, now from
    http://rt.openssl.org/Ticket/Display.html?id=2065 rather than the
    0.9.8 variant.
  - debian/patches/Bsymbolic-functions.patch: Link using
    -Bsymbolic-functions.
  - debian/patches/perlpath-quilt.patch: Don't change perl #! paths under
    .pc.
  - debian/rules:
    + Don't run 'make test' when cross-building.
    + Use host compiler when cross-building.  Patch from Neil Williams.
    + Don't build for processors no longer supported: i486, i586 (on
      i386), v8 (on sparc).
    + Fix Makefile to properly clean up libs/ dirs in clean target.
    + Replace duplicate files in the doc directory with symlinks.
* debian/libssl1.0.0.postinst: only display restart notification on
  servers (LP: #244250)

files added:
.pc/block_diginotar.patch

.pc/block_diginotar.patch/crypto

.pc/block_diginotar.patch/crypto/x509

.pc/block_diginotar.patch/crypto/x509/x509_vfy.c

.pc/c_rehash-multi.patch

.pc/c_rehash-multi.patch/tools

.pc/c_rehash-multi.patch/tools/c_rehash.in

.pc/dgst_hmac.patch

.pc/dgst_hmac.patch/apps

.pc/dgst_hmac.patch/apps/dgst.c

.pc/dgst_hmac.patch/doc

.pc/dgst_hmac.patch/doc/apps

.pc/dgst_hmac.patch/doc/apps/dgst.pod

.pc/libdoc-manpgs-pod-spell.patch

.pc/libdoc-manpgs-pod-spell.patch/doc

.pc/libdoc-manpgs-pod-spell.patch/doc/crypto

.pc/libdoc-manpgs-pod-spell.patch/doc/crypto/ASN1_generate_nconf.pod

.pc/libdoc-manpgs-pod-spell.patch/doc/crypto/BN_BLINDING_new.pod

.pc/libdoc-manpgs-pod-spell.patch/doc/crypto/EVP_BytesToKey.pod

.pc/libdoc-manpgs-pod-spell.patch/doc/crypto/EVP_EncryptInit.pod

.pc/libdoc-manpgs-pod-spell.patch/doc/crypto/EVP_PKEY_cmp.pod

.pc/libdoc-manpgs-pod-spell.patch/doc/crypto/X509_STORE_CTX_get_error.pod

.pc/libdoc-manpgs-pod-spell.patch/doc/crypto/pem.pod

.pc/libdoc-manpgs-pod-spell.patch/doc/ssl

.pc/libdoc-manpgs-pod-spell.patch/doc/ssl/SSL_CTX_set_client_CA_list.pod

.pc/libdoc-manpgs-pod-spell.patch/doc/ssl/SSL_CTX_set_verify.pod

.pc/libdoc-manpgs-pod-spell.patch/doc/ssl/SSL_CTX_use_psk_identity_hint.pod

.pc/libdoc-manpgs-pod-spell.patch/doc/ssl/SSL_accept.pod

.pc/libdoc-manpgs-pod-spell.patch/doc/ssl/SSL_connect.pod

.pc/libdoc-manpgs-pod-spell.patch/doc/ssl/SSL_do_handshake.pod

.pc/libdoc-manpgs-pod-spell.patch/doc/ssl/SSL_shutdown.pod

.pc/libssl-misspell.patch

.pc/libssl-misspell.patch/crypto

.pc/libssl-misspell.patch/crypto/asn1

.pc/libssl-misspell.patch/crypto/asn1/asn1_err.c

.pc/openssl-pod-misspell.patch

.pc/openssl-pod-misspell.patch/apps

.pc/openssl-pod-misspell.patch/apps/ca.c

.pc/openssl-pod-misspell.patch/apps/ecparam.c

.pc/openssl-pod-misspell.patch/crypto

.pc/openssl-pod-misspell.patch/crypto/evp

.pc/openssl-pod-misspell.patch/crypto/evp/encode.c

.pc/openssl-pod-misspell.patch/doc

.pc/openssl-pod-misspell.patch/doc/apps

.pc/openssl-pod-misspell.patch/doc/apps/config.pod

.pc/openssl-pod-misspell.patch/doc/apps/genpkey.pod

.pc/openssl-pod-misspell.patch/doc/apps/openssl.pod

.pc/openssl-pod-misspell.patch/doc/apps/req.pod

.pc/openssl-pod-misspell.patch/doc/apps/ts.pod

.pc/openssl-pod-misspell.patch/doc/apps/tsget.pod

.pc/openssl-pod-misspell.patch/doc/apps/x509v3_config.pod

.pc/pkcs12-doc.patch

.pc/pkcs12-doc.patch/doc

.pc/pkcs12-doc.patch/doc/apps

.pc/pkcs12-doc.patch/doc/apps/pkcs12.pod

.pc/pod_ec.misspell.patch

.pc/pod_ec.misspell.patch/doc

.pc/pod_ec.misspell.patch/doc/apps

.pc/pod_ec.misspell.patch/doc/apps/ec.pod

.pc/pod_pksc12.misspell.patch

.pc/pod_pksc12.misspell.patch/doc

.pc/pod_pksc12.misspell.patch/doc/apps

.pc/pod_pksc12.misspell.patch/doc/apps/pkcs12.pod

.pc/pod_req_misspell2.patch

.pc/pod_req_misspell2.patch/doc

.pc/pod_req_misspell2.patch/doc/apps

.pc/pod_req_misspell2.patch/doc/apps/req.pod

.pc/pod_s_server.misspell.patch

.pc/pod_s_server.misspell.patch/doc

.pc/pod_s_server.misspell.patch/doc/apps

.pc/pod_s_server.misspell.patch/doc/apps/s_server.pod

.pc/pod_x509setflags.misspell.patch

.pc/pod_x509setflags.misspell.patch/doc

.pc/pod_x509setflags.misspell.patch/doc/crypto

.pc/pod_x509setflags.misspell.patch/doc/crypto/X509_VERIFY_PARAM_set_flags.pod

.pc/version-script.patch/engines/ccgost

.pc/version-script.patch/engines/ccgost/openssl.ld

Makefile.bak

VMS/install-vms.com

VMS/openssl_startup.com

VMS/openssl_undo.com

apps/install-apps.com

apps/vms_decc_init.c

crypto/install-crypto.com

crypto/vms_rms.h

debian/patches/block_diginotar.patch

debian/patches/c_rehash-multi.patch

debian/patches/dgst_hmac.patch

debian/patches/libdoc-manpgs-pod-spell.patch

debian/patches/libssl-misspell.patch

debian/patches/openssl-pod-misspell.patch

debian/patches/pkcs12-doc.patch

debian/patches/pod_ec.misspell.patch

debian/patches/pod_pksc12.misspell.patch

debian/patches/pod_req_misspell2.patch

debian/patches/pod_s_server.misspell.patch

debian/patches/pod_x509setflags.misspell.patch

engines/ccgost/openssl.ld

ssl/install-ssl.com

test/clean_test.com

files removed:
VMS/install.com

apps/install.com

crypto/install.com

ssl/install.com

files modified:
.pc/Bsymbolic-functions.patch/Configure

.pc/aesni.patch/Configure

.pc/aesni.patch/util/libeay.num

.pc/applied-patches

.pc/config-hurd.patch/config

.pc/engines-path.patch/Configure

.pc/gnu_source.patch/crypto/dso/dso_dlfcn.c

.pc/pic.patch/crypto/perlasm/cbc.pl

.pc/shared-lib-ext.patch/Configure

.pc/version-script.patch/Configure

CHANGES

Configure

INSTALL.VMS

Makefile

NEWS

README

VMS/mkshared.com

apps/CA.com

apps/apps.c

apps/asn1pars.c

apps/ca.c

apps/dgst.c

apps/ecparam.c

apps/enc.c

apps/makeapps.com

apps/openssl.c

apps/pkcs12.c

apps/speed.c

config

crypto/LPdir_vms.c

crypto/alphacpuid.pl

crypto/asn1/a_object.c

crypto/asn1/asn1_err.c

crypto/asn1/bio_ndef.c

crypto/asn1/x_name.c

crypto/bio/b_sock.c

crypto/bio/bss_dgram.c

crypto/bio/bss_log.c

crypto/bn/asm/alpha-mont.pl

crypto/bn/asm/s390x-mont.pl

crypto/bn/bn.h

crypto/bn/bn_gf2m.c

crypto/bn/bn_mont.c

crypto/bn/bn_nist.c

crypto/conf/conf_api.c

crypto/cryptlib.c

crypto/crypto-lib.com

crypto/dsa/dsa_pmeth.c

crypto/dso/dso_dlfcn.c

crypto/dso/dso_vms.c

crypto/ecdsa/ecdsatest.c

crypto/ecdsa/ecs_ossl.c

crypto/evp/encode.c

crypto/evp/evp_test.c

crypto/hmac/hm_pmeth.c

crypto/o_time.c

crypto/ocsp/ocsp_lib.c

crypto/opensslv.h

crypto/perlasm/cbc.pl

crypto/rand/rand_vms.c

crypto/rand/randfile.c

crypto/rsa/rsa_oaep.c

crypto/stack/safestack.h

crypto/x509/x509_vfy.c

debian/changelog

debian/libssl1.0.0.postinst

debian/patches/Bsymbolic-functions.patch

debian/patches/aesni.patch

debian/patches/debian-targets.patch

debian/patches/rehash_pod.patch

debian/patches/series

debian/patches/version-script.patch

debian/rules

doc/apps/c_rehash.pod

doc/apps/config.pod

doc/apps/dgst.pod

doc/apps/ec.pod

doc/apps/genpkey.pod

doc/apps/openssl.pod

doc/apps/pkcs12.pod

doc/apps/req.pod

doc/apps/s_server.pod

doc/apps/ts.pod

doc/apps/tsget.pod

doc/apps/x509v3_config.pod

doc/crypto/ASN1_generate_nconf.pod

doc/crypto/BN_BLINDING_new.pod

doc/crypto/EVP_BytesToKey.pod

doc/crypto/EVP_EncryptInit.pod

doc/crypto/EVP_PKEY_cmp.pod

doc/crypto/X509_STORE_CTX_get_error.pod

doc/crypto/X509_VERIFY_PARAM_set_flags.pod

doc/crypto/pem.pod

doc/ssl/SSL_CTX_set_client_CA_list.pod

doc/ssl/SSL_CTX_set_verify.pod

doc/ssl/SSL_CTX_use_psk_identity_hint.pod

doc/ssl/SSL_accept.pod

doc/ssl/SSL_connect.pod

doc/ssl/SSL_do_handshake.pod

doc/ssl/SSL_shutdown.pod

doc/ssl/ssl.pod

engines/ccgost/gost_crypt.c

engines/e_capi_err.h

engines/makeengines.com

engines/openssl.ld

install.com

makevms.com

ms/uplink.c

openssl.spec

ssl/bio_ssl.c

ssl/d1_both.c

ssl/d1_clnt.c

ssl/d1_lib.c

ssl/d1_pkt.c

ssl/d1_srvr.c

ssl/s3_clnt.c

ssl/s3_lib.c

ssl/s3_pkt.c

ssl/s3_srvr.c

ssl/ssl-lib.com

ssl/ssl_lib.c

test/bntest.com

test/cms-test.pl

test/maketests.com

test/tcrl.com

test/testca.com

test/testenc.com

test/testgen.com

test/tests.com

test/testss.com

test/testssl.com

test/testtsa.com

test/tpkcs7.com

test/tpkcs7d.com

test/treq.com

test/trsa.com

test/tsid.com

test/tverify.com

test/tx509.com

tools/c_rehash.in

util/libeay.num

util/mkdef.pl

util/mkerr.pl

Show diffs side-by-side

added added

removed removed

ssl/d1_lib.c

129

return(1);

130

}

131

132

void dtls1_free(SSL *s)

132

static void dtls1_clear_queues(SSL *s)

133

{

134

pitem *item = NULL;

135

hm_fragment *frag = NULL;

136

137

ssl3_free(s);

136

DTLS1_RECORD_DATA *rdata;

138

137

139

138

while( (item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL)

140

139

{

140

rdata = (DTLS1_RECORD_DATA *) item->data;

141

if (rdata->rbuf.buf)

142

{

143

OPENSSL_free(rdata->rbuf.buf);

144

}

141

145

OPENSSL_free(item->data);

142

146

pitem_free(item);

143

147

}

144

pqueue_free(s->d1->unprocessed_rcds.q);

145

148

146

149

while( (item = pqueue_pop(s->d1->processed_rcds.q)) != NULL)

147

150

{

151

rdata = (DTLS1_RECORD_DATA *) item->data;

152

if (rdata->rbuf.buf)

153

{

154

OPENSSL_free(rdata->rbuf.buf);

155

}

148

156

OPENSSL_free(item->data);

149

157

pitem_free(item);

150

158

}

151

pqueue_free(s->d1->processed_rcds.q);

152

159

153

160

while( (item = pqueue_pop(s->d1->buffered_messages)) != NULL)

154

161

{

157

164

OPENSSL_free(frag);

158

165

pitem_free(item);

159

166

}

160

pqueue_free(s->d1->buffered_messages);

161

167

162

168

while ( (item = pqueue_pop(s->d1->sent_messages)) != NULL)

163

169

{

166

172

OPENSSL_free(frag);

167

173

pitem_free(item);

168

174

}

169

pqueue_free(s->d1->sent_messages);

170

175

171

176

while ( (item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL)

172

177

{

175

180

OPENSSL_free(frag);

176

181

pitem_free(item);

177

182

}

183

}

184

185

void dtls1_free(SSL *s)

186

{

187

ssl3_free(s);

188

189

dtls1_clear_queues(s);

190

191

pqueue_free(s->d1->unprocessed_rcds.q);

192

pqueue_free(s->d1->processed_rcds.q);

193

pqueue_free(s->d1->buffered_messages);

194

pqueue_free(s->d1->sent_messages);

178

195

pqueue_free(s->d1->buffered_app_data.q);

179

196

180

197

OPENSSL_free(s->d1);

182

199

183

200

void dtls1_clear(SSL *s)

184

201

{

202

pqueue unprocessed_rcds;

203

pqueue processed_rcds;

204

pqueue buffered_messages;

205

pqueue sent_messages;

206

pqueue buffered_app_data;

207

208

if (s->d1)

209

{

210

unprocessed_rcds = s->d1->unprocessed_rcds.q;

211

processed_rcds = s->d1->processed_rcds.q;

212

buffered_messages = s->d1->buffered_messages;

213

sent_messages = s->d1->sent_messages;

214

buffered_app_data = s->d1->buffered_app_data.q;

215

216

dtls1_clear_queues(s);

217

218

memset(s->d1, 0, sizeof(*(s->d1)));

219

220

if (s->server)

221

{

222

s->d1->cookie_len = sizeof(s->d1->cookie);

223

}

224

225

s->d1->unprocessed_rcds.q = unprocessed_rcds;

226

s->d1->processed_rcds.q = processed_rcds;

227

s->d1->buffered_messages = buffered_messages;

228

s->d1->sent_messages = sent_messages;

229

s->d1->buffered_app_data.q = buffered_app_data;

230

}

231

185

232

ssl3_clear(s);

186

233

if (s->options & SSL_OP_CISCO_ANYCONNECT)

187

234

s->version=DTLS1_BAD_VER;

330

377

memset(&(s->d1->next_timeout), 0, sizeof(struct timeval));

331

378

s->d1->timeout_duration = 1;

332

379

BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout));

380

/* Clear retransmission buffer */

381

dtls1_clear_record_buffer(s);

333

382

}

334

383

335

384

int dtls1_handle_timeout(SSL *s)

349

398

{

350

399

/* fail the connection, enough alerts have been sent */

351

400

SSLerr(SSL_F_DTLS1_HANDLE_TIMEOUT,SSL_R_READ_TIMEOUT_EXPIRED);

352

return 0;

401

return -1;

353

402

}

354

403

355

404

state->timeout.read_timeouts++;

Older »