Update from 0.9.8-stable
authorDr. Stephen Henson <steve@openssl.org>
Fri, 24 Jul 2009 11:15:55 +0000 (11:15 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Fri, 24 Jul 2009 11:15:55 +0000 (11:15 +0000)
apps/s_cb.c
crypto/asn1/a_object.c
crypto/asn1/asn1.h
crypto/asn1/asn1_err.c

index 41f789a..3fc73a2 100644 (file)
@@ -338,6 +338,12 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *
        case TLS1_VERSION:
                str_version = "TLS 1.0 ";
                break;
+       case DTLS1_VERSION:
+               str_version = "DTLS 1.0 ";
+               break;
+       case DTLS1_BAD_VER:
+               str_version = "DTLS 1.0 (bad) ";
+               break;
        default:
                str_version = "???";
                }
@@ -403,7 +409,10 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *
                        }
                }
 
-       if (version == SSL3_VERSION || version == TLS1_VERSION)
+       if (version == SSL3_VERSION ||
+           version == TLS1_VERSION ||
+           version == DTLS1_VERSION ||
+           version == DTLS1_BAD_VER)
                {
                switch (content_type)
                        {
@@ -542,6 +551,9 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *
                                case 2:
                                        str_details1 = ", ServerHello";
                                        break;
+                               case 3:
+                                       str_details1 = ", HelloVerifyRequest";
+                                       break;
                                case 11:
                                        str_details1 = ", Certificate";
                                        break;
index f1a5a1e..bd2d5a2 100644 (file)
@@ -290,6 +290,17 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
        const unsigned char *p;
        unsigned char *data;
        int i;
+       /* Sanity check OID encoding: can't have 0x80 in subidentifiers, see:
+        * X.690 8.19.2
+        */
+       for (i = 0, p = *pp + 1; i < len - 1; i++, p++)
+               {
+               if (*p == 0x80)
+                       {
+                       ASN1err(ASN1_F_C2I_ASN1_OBJECT,ASN1_R_INVALID_OBJECT_ENCODING);
+                       return NULL;
+                       }
+               }
 
        /* only the ASN1_OBJECTs from the 'table' will have values
         * for ->sn or ->ln */
index d85b3dd..39c2333 100644 (file)
@@ -1327,6 +1327,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_INVALID_MIME_TYPE                        205
 #define ASN1_R_INVALID_MODIFIER                                 186
 #define ASN1_R_INVALID_NUMBER                           187
+#define ASN1_R_INVALID_OBJECT_ENCODING                  216
 #define ASN1_R_INVALID_SEPARATOR                        131
 #define ASN1_R_INVALID_TIME_FORMAT                      132
 #define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH           133
index 664f158..6e04d08 100644 (file)
@@ -1,6 +1,6 @@
 /* crypto/asn1/asn1_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2009 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -248,6 +248,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ERR_REASON(ASN1_R_INVALID_MIME_TYPE)    ,"invalid mime type"},
 {ERR_REASON(ASN1_R_INVALID_MODIFIER)     ,"invalid modifier"},
 {ERR_REASON(ASN1_R_INVALID_NUMBER)       ,"invalid number"},
+{ERR_REASON(ASN1_R_INVALID_OBJECT_ENCODING),"invalid object encoding"},
 {ERR_REASON(ASN1_R_INVALID_SEPARATOR)    ,"invalid separator"},
 {ERR_REASON(ASN1_R_INVALID_TIME_FORMAT)  ,"invalid time format"},
 {ERR_REASON(ASN1_R_INVALID_UNIVERSALSTRING_LENGTH),"invalid universalstring length"},