The branch master has been updated via 6e3ff63228c7b74c899b3bbc81e7f11db20956de (commit) via cb21df32296a57150341aaa24131dfc668122df8 (commit) from c1176ebf298ffa0bad0d368bd81aacbb30572a95 (commit)
- Log ----------------------------------------------------------------- commit 6e3ff63228c7b74c899b3bbc81e7f11db20956de Author: Matt Caswell <m...@openssl.org> Date: Wed May 11 11:50:12 2016 +0100 Make null_compression const Reviewed-by: Stephen Henson <st...@openssl.org> commit cb21df32296a57150341aaa24131dfc668122df8 Author: David Benjamin <david...@google.com> Date: Sat Mar 5 13:14:11 2016 -0500 Fix V2ClientHello handling. The V2ClientHello code creates an empty compression list, but the compression list must explicitly contain the null compression (and later code enforces this). RT#4387 Reviewed-by: Stephen Henson <st...@openssl.org> Reviewed-by: Matt Caswell <m...@openssl.org> ----------------------------------------------------------------------- Summary of changes: ssl/statem/statem_srvr.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 27f1287..4507357 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -971,6 +971,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
 /* |cookie| will only be initialized for DTLS. */
 PACKET session_id, cipher_suites, compression, extensions, cookie;
 int is_v2_record;
+ static const unsigned char null_compression = 0;
 is_v2_record = RECORD_LAYER_is_sslv2_record(&s->rlayer);
@@ -1096,19 +1097,20 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
 goto f_err;
 }
- /* Load the client random */
+ /* Load the client random and compression list. */
 challenge_len = challenge_len > SSL3_RANDOM_SIZE ? SSL3_RANDOM_SIZE : challenge_len;
 memset(s->s3->client_random, 0, SSL3_RANDOM_SIZE);
 if (!PACKET_copy_bytes(&challenge, s->s3->client_random + SSL3_RANDOM_SIZE -
- challenge_len, challenge_len)) {
+ challenge_len, challenge_len)
+ /* Advertise only null compression. */
+ || !PACKET_buf_init(&compression, &null_compression, 1)) {
 SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
 al = SSL_AD_INTERNAL_ERROR;
 goto f_err;
 }
- PACKET_null_init(&compression);
 PACKET_null_init(&extensions);
 } else {
 /* Regular ClientHello. */
_____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
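Review bot: The synthesized compression list is set up inside the same `if` condition as the client-random copy, with the `/* Advertise only null compression. */` comment sitting between the two operands, so the setup step is easy to overlook. Making `PACKET_buf_init(&compression, &null_compression, 1)` its own checked statement after the copy would read more plainly and keep the two failure causes apart. The declaration in the first hunk sits far from its only visible use and could carry a comment such as `/* Compression list implied by a V2ClientHello: the null method only. */`. The diffstat lists only ssl/statem/statem_srvr.c, so as far as this mail shows no regression test sends an SSLv2-format hello through the later null-compression check; one would guard this legacy parsing path against regressing again. tls_process_client_hello starts and ends outside both hunks.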