From owner-svn-src-stable@FreeBSD.ORG Mon Nov 29 08:44:33 2010 Return-Path: Delivered-To: svn-src-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 17E291065670; Mon, 29 Nov 2010 08:44:33 +0000 (UTC) (envelope-from simon@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id EF1C68FC13; Mon, 29 Nov 2010 08:44:32 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id oAT8iWA2016387; Mon, 29 Nov 2010 08:44:32 GMT (envelope-from simon@svn.freebsd.org) Received: (from simon@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id oAT8iWET016382; Mon, 29 Nov 2010 08:44:32 GMT (envelope-from simon@svn.freebsd.org) Message-Id: <201011290844.oAT8iWET016382@svn.freebsd.org> 
From: "Simon L. Nielsen" Date: Mon, 29 Nov 2010 08:44:32 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-7@freebsd.org X-SVN-Group: stable-7 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r216046 - in stable/7/crypto/openssl: crypto/engine ssl X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 29 Nov 2010 08:44:33 -0000 Author: simon Date: Mon Nov 29 08:44:32 2010 New Revision: 216046 URL: http://svn.freebsd.org/changeset/base/216046 Log: Revert some FreeBSD specific changes (mainly made to fix various security issues), and bring us back to using vendor versions of the files. This was already done on head and stable/8. Modified: stable/7/crypto/openssl/crypto/engine/eng_cryptodev.c stable/7/crypto/openssl/ssl/s3_lib.c stable/7/crypto/openssl/ssl/s3_pkt.c stable/7/crypto/openssl/ssl/s3_srvr.c Modified: stable/7/crypto/openssl/crypto/engine/eng_cryptodev.c ============================================================================== --- stable/7/crypto/openssl/crypto/engine/eng_cryptodev.c Mon Nov 29 08:17:44 2010 (r216045) +++ stable/7/crypto/openssl/crypto/engine/eng_cryptodev.c Mon Nov 29 08:44:32 2010 (r216046) @@ -25,7 +25,6 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * */ -/* $FreeBSD$ */ #include #include Modified: stable/7/crypto/openssl/ssl/s3_lib.c ============================================================================== --- stable/7/crypto/openssl/ssl/s3_lib.c Mon Nov 29 08:17:44 2010 (r216045) +++ stable/7/crypto/openssl/ssl/s3_lib.c Mon Nov 29 08:44:32 2010 (r216046) 
@@ -2607,9 +2607,6 @@ int ssl3_renegotiate(SSL *s) if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) return(0); - if (1) - return(0); - s->s3->renegotiate=1; return(1); } Modified: stable/7/crypto/openssl/ssl/s3_pkt.c ============================================================================== --- stable/7/crypto/openssl/ssl/s3_pkt.c Mon Nov 29 08:17:44 2010 (r216045) +++ stable/7/crypto/openssl/ssl/s3_pkt.c Mon Nov 29 08:44:32 2010 (r216046) @@ -992,7 +992,9 @@ start: if (s->msg_callback) s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->s3->handshake_fragment, 4, s, s->msg_callback_arg); - if (0) + if (SSL_is_init_finished(s) && + !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && + !s->s3->renegotiate) { ssl3_renegotiate(s); if (ssl3_renegotiate_check(s)) @@ -1156,7 +1158,8 @@ start: /* Unexpected handshake message (Client Hello, or protocol violation) */ if ((s->s3->handshake_fragment_len >= 4) && !s->in_handshake) { - if (0) + if (((s->state&SSL_ST_MASK) == SSL_ST_OK) && + !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) { #if 0 /* worked only because C operator preferences are not as expected (and * because this is not really needed for clients except for detecting Modified: stable/7/crypto/openssl/ssl/s3_srvr.c ============================================================================== --- stable/7/crypto/openssl/ssl/s3_srvr.c Mon Nov 29 08:17:44 2010 (r216045) +++ stable/7/crypto/openssl/ssl/s3_srvr.c Mon Nov 29 08:44:32 2010 (r216046) @@ -738,13 +738,6 @@ int ssl3_get_client_hello(SSL *s) #endif STACK_OF(SSL_CIPHER) *ciphers=NULL; - if (s->new_session) - { - al=SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); - goto f_err; - } - /* We do this so that we will respond with our native type. * If we are TLSv1 and we get SSLv3, we will respond with TLSv1, * This down switching should be handled by a different method.
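Review bot: In the eng_cryptodev.c hunk, dropping the `/* $FreeBSD$ */` line only keeps the file identical to the vendor copy if the `svn:keywords` property is also cleared on this path; otherwise a later commit can re-expand the tag and reintroduce the local diff the log says it is removing. Worth confirming as part of the revert, or noting in the log that the property was handled.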
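Review bot: The s3_lib.c hunk removes the `if (1) return(0);` that made `ssl3_renegotiate()` refuse every renegotiation regardless of state, leaving `SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS` as the only remaining guard before `s->s3->renegotiate=1`. Together with the `if (0)` removals in s3_pkt.c and the deleted `new_session` check in s3_srvr.c, the practical effect of this commit is that SSL/TLS renegotiation is enabled again on stable/7. The log says the local changes were "mainly made to fix various security issues" but does not say which vendor version of these files stable/7 now matches or whether that version carries its own handling of the problem the local kill switch addressed; the log (or a MFC note) should state that so stable/7 users can tell whether they are losing a mitigation.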
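Review bot: In the first s3_pkt.c hunk (@@ -992), the restored condition `SSL_is_init_finished(s) && !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && !s->s3->renegotiate` is the right shape: it only acts on a HelloRequest once the initial handshake has completed, honours the no-renegotiate flag, and the `!s->s3->renegotiate` term prevents re-entering `ssl3_renegotiate()` while a renegotiation is already pending. Please confirm this matches the vendor file byte for byte rather than being a hand re-creation, since the commit log claims a return to vendor versions.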
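Review bot: In the second s3_pkt.c hunk (@@ -1156), the restored test `((s->state&SSL_ST_MASK) == SSL_ST_OK)` is explicitly parenthesised, so it is not subject to the operator-precedence problem that the adjacent `#if 0 /* worked only because C operator preferences are not as expected ...` comment describes for the disabled code below it. That adjacency is confusing for a reader of the resulting file; a one-line log note that the `#if 0` block is unchanged vendor code, not part of this revert, would save the next person from re-auditing it.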
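Review bot: The s3_srvr.c hunk deletes the block in `ssl3_get_client_hello()` that answered a ClientHello on an already-established session (`s->new_session` set) with `SSL_AD_HANDSHAKE_FAILURE` and `ERR_R_INTERNAL_ERROR`. That was the server-side refusal of client-initiated renegotiation; with it gone, a second ClientHello proceeds into the normal handshake path. Since `al` and the `f_err` label are referenced elsewhere in the function this should build cleanly, but the log should say explicitly that server-side renegotiation is re-enabled by this hunk rather than describing the change only as a return to vendor files.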