[openssl-commits] [openssl] master update

Matt Caswell matt at openssl.org
Wed May 11 12:45:40 UTC 2016


The branch master has been updated
       via  6e3ff63228c7b74c899b3bbc81e7f11db20956de (commit)
       via  cb21df32296a57150341aaa24131dfc668122df8 (commit)
      from  c1176ebf298ffa0bad0d368bd81aacbb30572a95 (commit)


- Log -----------------------------------------------------------------
commit 6e3ff63228c7b74c899b3bbc81e7f11db20956de
Author: Matt Caswell <matt at openssl.org>
Date:   Wed May 11 11:50:12 2016 +0100

    Make null_compression const
    
    Reviewed-by: Stephen Henson <steve at openssl.org>

commit cb21df32296a57150341aaa24131dfc668122df8
Author: David Benjamin <davidben at google.com>
Date:   Sat Mar 5 13:14:11 2016 -0500

    Fix V2ClientHello handling.
    
    The V2ClientHello code creates an empty compression list, but the
    compression list must explicitly contain the null compression (and later
    code enforces this).
    
    RT#4387
    
    Reviewed-by: Stephen Henson <steve at openssl.org>
    Reviewed-by: Matt Caswell <matt at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 ssl/statem/statem_srvr.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 27f1287..4507357 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -971,6 +971,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
     /* |cookie| will only be initialized for DTLS. */
     PACKET session_id, cipher_suites, compression, extensions, cookie;
     int is_v2_record;
+    static const unsigned char null_compression = 0;
 
     is_v2_record = RECORD_LAYER_is_sslv2_record(&s->rlayer);
 
@@ -1096,19 +1097,20 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
             goto f_err;
         }
 
-        /* Load the client random */
+        /* Load the client random and compression list. */
         challenge_len = challenge_len > SSL3_RANDOM_SIZE ? SSL3_RANDOM_SIZE :
             challenge_len;
         memset(s->s3->client_random, 0, SSL3_RANDOM_SIZE);
         if (!PACKET_copy_bytes(&challenge,
                                s->s3->client_random + SSL3_RANDOM_SIZE -
-                               challenge_len, challenge_len)) {
+                               challenge_len, challenge_len)
+            /* Advertise only null compression. */
+            || !PACKET_buf_init(&compression, &null_compression, 1)) {
             SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
             al = SSL_AD_INTERNAL_ERROR;
             goto f_err;
         }
 
-        PACKET_null_init(&compression);
         PACKET_null_init(&extensions);
     } else {
         /* Regular ClientHello. */
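Review bot: The length passed to `PACKET_buf_init` in the added condition is a bare `1` that has to stay in step with the `null_compression` object declared in the first hunk; writing `|| !PACKET_buf_init(&compression, &null_compression, sizeof(null_compression))) {` ties the two together. The declaration would also benefit from a comment such as `/* Compression list synthesized for V2ClientHello; later checks require the null method to be present. */`, since that reason is otherwise recorded only in the commit message. The diffstat shows only ssl/statem/statem_srvr.c changing, so no regression test for a V2ClientHello handshake accompanies the fix, and one would keep this legacy parsing path covered. tls_process_client_hello begins and ends outside both hunks.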

