openssl 0.9.8 mostly done

1 files changed, 33 insertions, 0 deletions

diff --git a/openssl0.9.8/patches/dtls-fragment-alert.patch b/openssl0.9.8/patches/dtls-fragment-alert.patch
new file mode 100644
index 0000000..c538340
--- /dev/null
+++ b/openssl0.9.8/patches/dtls-fragment-alert.patch
@@ -0,0 +1,33 @@
+Index: openssl-0.9.8o/ssl/d1_both.c
+===================================================================
+--- openssl-0.9.8o.orig/ssl/d1_both.c	2010-05-03 13:01:59.000000000 +0000
++++ openssl-0.9.8o/ssl/d1_both.c	2012-01-14 21:46:02.000000000 +0000
+@@ -806,7 +806,13 @@
+ 		*ok = 0;
+ 		return i;
+ 		}
+-	OPENSSL_assert(i == DTLS1_HM_HEADER_LENGTH);
++	/* Handshake fails if message header is incomplete */
++	if (i != DTLS1_HM_HEADER_LENGTH)
++		{
++		al=SSL_AD_UNEXPECTED_MESSAGE;
++		SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_UNEXPECTED_MESSAGE);
++		goto f_err;
++		}
+ 
+ 	/* parse the message fragment header */
+ 	dtls1_get_message_header(wire, &msg_hdr);
+@@ -876,7 +882,12 @@
+ 
+ 	/* XDTLS:  an incorrectly formatted fragment should cause the 
+ 	 * handshake to fail */
+-	OPENSSL_assert(i == (int)frag_len);
++	if (i != (int)frag_len)
++		{
++		al=SSL3_AD_ILLEGAL_PARAMETER;
++		SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL3_AD_ILLEGAL_PARAMETER);
++		goto f_err;
++		}
+ 
+ 	*ok = 1;
+