From b4c81fb6dbd1ee884dff681a94bab4ab9ec59377 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 24 Jul 2009 11:15:55 +0000 Subject: [PATCH] Update from 0.9.8-stable --- apps/s_cb.c | 14 +++++++++++++- crypto/asn1/a_object.c | 11 +++++++++++ crypto/asn1/asn1.h | 1 + crypto/asn1/asn1_err.c | 3 ++- 4 files changed, 27 insertions(+), 2 deletions(-) diff --git a/apps/s_cb.c b/apps/s_cb.c index 41f789af48..3fc73a27aa 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -338,6 +338,12 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void * case TLS1_VERSION: str_version = "TLS 1.0 "; break; + case DTLS1_VERSION: + str_version = "DTLS 1.0 "; + break; + case DTLS1_BAD_VER: + str_version = "DTLS 1.0 (bad) "; + break; default: str_version = "???"; } @@ -403,7 +409,10 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void * } } - if (version == SSL3_VERSION || version == TLS1_VERSION) + if (version == SSL3_VERSION || + version == TLS1_VERSION || + version == DTLS1_VERSION || + version == DTLS1_BAD_VER) { switch (content_type) { @@ -542,6 +551,9 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void * case 2: str_details1 = ", ServerHello"; break; + case 3: + str_details1 = ", HelloVerifyRequest"; + break; case 11: str_details1 = ", Certificate"; break; diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.c index f1a5a1e31e..bd2d5a2d82 100644 --- a/crypto/asn1/a_object.c +++ b/crypto/asn1/a_object.c @@ -290,6 +290,17 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, const unsigned char *p; unsigned char *data; int i; + /* Sanity check OID encoding: can't have 0x80 in subidentifiers, see: + * X.690 8.19.2 + */ + for (i = 0, p = *pp + 1; i < len - 1; i++, p++) + { + if (*p == 0x80) + { + ASN1err(ASN1_F_C2I_ASN1_OBJECT,ASN1_R_INVALID_OBJECT_ENCODING); + return NULL; + } + } /* only the ASN1_OBJECTs from the 'table' will have values * for ->sn or ->ln */ diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h index d85b3dd4a3..39c2333d33 100644 --- a/crypto/asn1/asn1.h +++ b/crypto/asn1/asn1.h @@ -1327,6 +1327,7 @@ void ERR_load_ASN1_strings(void); #define ASN1_R_INVALID_MIME_TYPE 205 #define ASN1_R_INVALID_MODIFIER 186 #define ASN1_R_INVALID_NUMBER 187 +#define ASN1_R_INVALID_OBJECT_ENCODING 216 #define ASN1_R_INVALID_SEPARATOR 131 #define ASN1_R_INVALID_TIME_FORMAT 132 #define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH 133 diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c index 664f158bb3..6e04d08f31 100644 --- a/crypto/asn1/asn1_err.c +++ b/crypto/asn1/asn1_err.c @@ -1,6 +1,6 @@ /* crypto/asn1/asn1_err.c */ /* ==================================================================== - * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2009 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -248,6 +248,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]= {ERR_REASON(ASN1_R_INVALID_MIME_TYPE) ,"invalid mime type"}, {ERR_REASON(ASN1_R_INVALID_MODIFIER) ,"invalid modifier"}, {ERR_REASON(ASN1_R_INVALID_NUMBER) ,"invalid number"}, +{ERR_REASON(ASN1_R_INVALID_OBJECT_ENCODING),"invalid object encoding"}, {ERR_REASON(ASN1_R_INVALID_SEPARATOR) ,"invalid separator"}, {ERR_REASON(ASN1_R_INVALID_TIME_FORMAT) ,"invalid time format"}, {ERR_REASON(ASN1_R_INVALID_UNIVERSALSTRING_LENGTH),"invalid universalstring length"}, -- 2.25.1