openssl/ssl/s23_srvr.c - Issue 9254031: Upgrade chrome's OpenSSL to same version Android ships with.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: openssl/ssl/s23_srvr.c

Issue 9254031: Upgrade chrome's OpenSSL to same version Android ships with. (Closed) Base URL: http://src.chromium.org/svn/trunk/deps/third_party/openssl/

Patch Set: '' Created 8 years, 11 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: openssl/ssl/s23_srvr.c

===================================================================

--- openssl/ssl/s23_srvr.c (revision 105093)

+++ openssl/ssl/s23_srvr.c (working copy)

@@ -56,7 +56,7 @@

* [including the GNU Public Licence.]

/* ====================================================================

* Redistribution and use in source and binary forms, with or without

* modification, are permitted provided that the following conditions

@@ -116,9 +116,9 @@

#include <openssl/objects.h>

#include <openssl/evp.h>

-static SSL_METHOD *ssl23_get_server_method(int ver);

+static const SSL_METHOD *ssl23_get_server_method(int ver);

int ssl23_get_client_hello(SSL *s);

-static SSL_METHOD *ssl23_get_server_method(int ver)

+static const SSL_METHOD *ssl23_get_server_method(int ver)

{

#ifndef OPENSSL_NO_SSL2

if (ver == SSL2_VERSION)

@@ -393,15 +393,6 @@

}

-#ifdef OPENSSL_FIPS

- if (FIPS_mode() && (s->version < TLS1_VERSION))

- {

- SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,

- SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);

- goto err;

- }

-#endif

if (s->state == SSL23_ST_SR_CLNT_HELLO_B)

{

/* we have SSLv3/TLSv1 in an SSLv2 header

@@ -412,8 +403,13 @@

v[0] = p[3]; /* == SSL3_VERSION_MAJOR */

v[1] = p[4];

+/* The SSL2 protocol allows n to be larger, just pick

+ * a reasonable buffer size. */

+#if SSL3_RT_DEFAULT_PACKET_SIZE < 1024*4 - SSL3_RT_DEFAULT_WRITE_OVERHEAD

+#error "SSL3_RT_DEFAULT_PACKET_SIZE is too small."

+#endif

n=((p[0]&0x7f)<<8)|p[1];

- if (n > (1024*4))

+ if (n > SSL3_RT_DEFAULT_PACKET_SIZE - 2)

{

SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_LARGE);

goto err;

@@ -432,7 +428,9 @@

n2s(p,sil);

n2s(p,cl);

d=(unsigned char *)s->init_buf->data;

- if ((csl+sil+cl+11) != s->packet_length)

+ if ((csl+sil+cl+11) != s->packet_length) /* We can't have TLS extensions in SSL 2.0 format

+ * Client Hello, can we? Error condition should be

+ * '>' otherweise */

{

SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_LENGTH_MISMATCH);

goto err;

@@ -475,6 +473,15 @@

*(d++)=1;

*(d++)=0;

+#if 0

+ /* copy any remaining data with may be extensions */

+ p = p+csl+sil+cl;

+ while (p < s->packet+s->packet_length)

+ {

+ *(d++)=*(p++);

+ }

+#endif

i = (d-(unsigned char *)s->init_buf->data) - 4;

l2n3((long)i, d_len);

@@ -550,6 +557,10 @@

* for SSLv3 */

s->rstate=SSL_ST_READ_HEADER;

s->packet_length=n;

+ if (s->s3->rbuf.buf == NULL)

+ if (!ssl3_setup_read_buffer(s))

+ goto err;

s->packet= &(s->s3->rbuf.buf[0]);

memcpy(s->packet,buf,n);

s->s3->rbuf.left=n;

« no previous file with comments | « openssl/ssl/s23_meth.c ('k') | openssl/ssl/s2_clnt.c » ('j') | no next file with comments »