4 files changed, 38 insertions, 34 deletions
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
index a3ba33548e..60c1236f53 100644
--- a/src/lib/libssl/d1_pkt.c
+++ b/src/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_pkt.c,v 1.41 2015/06/13 08:38:10 doug Exp $ */
+/* $OpenBSD: d1_pkt.c,v 1.42 2015/06/17 07:29:33 doug Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -575,20 +575,21 @@ again:
                /* get another record */
        }
-                /* Check whether this is a repeat, or aged record.
+        /*
-                 * Don't check if we're listening and this message is
+         * Check whether this is a repeat, or aged record.
-                 * a ClientHello. They can look as if they're replayed,
+         * Don't check if we're listening and this message is
-                 * since they arrive from different connections and
+         * a ClientHello. They can look as if they're replayed,
-                 * would be dropped unnecessarily.
+         * since they arrive from different connections and
-                 */
+         * would be dropped unnecessarily.
-                if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE &&
+         */
-                    p != NULL && *p == SSL3_MT_CLIENT_HELLO) &&
+        if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE &&
-                    !dtls1_record_replay_check(s, bitmap)) {
+            p != NULL && *p == SSL3_MT_CLIENT_HELLO) &&
-                        rr->length = 0;
+            !dtls1_record_replay_check(s, bitmap)) {
-                        s->packet_length=0; /* dump this record */
+                rr->length = 0;
-                        goto again;
+                s->packet_length=0; /* dump this record */
-                        /* get another record */
+                goto again;
-                }
+                /* get another record */
+        }
        /* just read a 0 length packet */
        if (rr->length == 0)
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index 1aa39c2863..867e796529 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.106 2015/06/15 05:32:58 doug Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.107 2015/06/17 07:29:33 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1407,7 +1407,8 @@ ssl3_send_server_key_exchange(SSL *s)
                        if (((group = EC_KEY_get0_group(ecdh)) == NULL) ||
                            (EC_KEY_get0_public_key(ecdh)  == NULL) ||
                            (EC_KEY_get0_private_key(ecdh) == NULL)) {
-                                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,                                         ERR_R_ECDH_LIB);
+                                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
+                                    ERR_R_ECDH_LIB);
                                goto err;
                        }
diff --git a/src/lib/libssl/src/ssl/d1_pkt.c b/src/lib/libssl/src/ssl/d1_pkt.c
index a3ba33548e..60c1236f53 100644
--- a/src/lib/libssl/src/ssl/d1_pkt.c
+++ b/src/lib/libssl/src/ssl/d1_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_pkt.c,v 1.41 2015/06/13 08:38:10 doug Exp $ */
+/* $OpenBSD: d1_pkt.c,v 1.42 2015/06/17 07:29:33 doug Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -575,20 +575,21 @@ again:
                /* get another record */
        }
-                /* Check whether this is a repeat, or aged record.
+        /*
-                 * Don't check if we're listening and this message is
+         * Check whether this is a repeat, or aged record.
-                 * a ClientHello. They can look as if they're replayed,
+         * Don't check if we're listening and this message is
-                 * since they arrive from different connections and
+         * a ClientHello. They can look as if they're replayed,
-                 * would be dropped unnecessarily.
+         * since they arrive from different connections and
-                 */
+         * would be dropped unnecessarily.
-                if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE &&
+         */
-                    p != NULL && *p == SSL3_MT_CLIENT_HELLO) &&
+        if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE &&
-                    !dtls1_record_replay_check(s, bitmap)) {
+            p != NULL && *p == SSL3_MT_CLIENT_HELLO) &&
-                        rr->length = 0;
+            !dtls1_record_replay_check(s, bitmap)) {
-                        s->packet_length=0; /* dump this record */
+                rr->length = 0;
-                        goto again;
+                s->packet_length=0; /* dump this record */
-                        /* get another record */
+                goto again;
-                }
+                /* get another record */
+        }
        /* just read a 0 length packet */
        if (rr->length == 0)
diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c
index 1aa39c2863..867e796529 100644
--- a/src/lib/libssl/src/ssl/s3_srvr.c
+++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.106 2015/06/15 05:32:58 doug Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.107 2015/06/17 07:29:33 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1407,7 +1407,8 @@ ssl3_send_server_key_exchange(SSL *s)
                        if (((group = EC_KEY_get0_group(ecdh)) == NULL) ||
                            (EC_KEY_get0_public_key(ecdh)  == NULL) ||
                            (EC_KEY_get0_private_key(ecdh) == NULL)) {
-                                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,                                         ERR_R_ECDH_LIB);
+                                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
+                                    ERR_R_ECDH_LIB);
                                goto err;
                        }

diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c index a3ba33548e..60c1236f53 100644 --- a/src/lib/libssl/d1_pkt.c +++ b/src/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: d1_pkt.c,v 1.41 2015/06/13 08:38:10 doug Exp $ */	1	/* $OpenBSD: d1_pkt.c,v 1.42 2015/06/17 07:29:33 doug Exp $ */
2	/*	2	/*
3	* DTLS implementation written by Nagendra Modadugu	3	* DTLS implementation written by Nagendra Modadugu
4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.	4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -575,20 +575,21 @@ again:
575	/* get another record */	575	/* get another record */
576	}	576	}
577		577
578	/* Check whether this is a repeat, or aged record.	578	/*
579	* Don't check if we're listening and this message is	579	* Check whether this is a repeat, or aged record.
580	* a ClientHello. They can look as if they're replayed,	580	* Don't check if we're listening and this message is
581	* since they arrive from different connections and	581	* a ClientHello. They can look as if they're replayed,
582	* would be dropped unnecessarily.	582	* since they arrive from different connections and
583	*/	583	* would be dropped unnecessarily.
584	if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE &&	584	*/
585	p != NULL && *p == SSL3_MT_CLIENT_HELLO) &&	585	if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE &&
586	!dtls1_record_replay_check(s, bitmap)) {	586	p != NULL && *p == SSL3_MT_CLIENT_HELLO) &&
587	rr->length = 0;	587	!dtls1_record_replay_check(s, bitmap)) {
588	s->packet_length=0; /* dump this record */	588	rr->length = 0;
589	goto again;	589	s->packet_length=0; /* dump this record */
590	/* get another record */	590	goto again;
591	}	591	/* get another record */
		592	}
592		593
593	/* just read a 0 length packet */	594	/* just read a 0 length packet */
594	if (rr->length == 0)	595	if (rr->length == 0)


diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c index 1aa39c2863..867e796529 100644 --- a/src/lib/libssl/s3_srvr.c +++ b/src/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_srvr.c,v 1.106 2015/06/15 05:32:58 doug Exp $ */	1	/* $OpenBSD: s3_srvr.c,v 1.107 2015/06/17 07:29:33 doug Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1407,7 +1407,8 @@ ssl3_send_server_key_exchange(SSL *s)
1407	if (((group = EC_KEY_get0_group(ecdh)) == NULL) \|\|	1407	if (((group = EC_KEY_get0_group(ecdh)) == NULL) \|\|
1408	(EC_KEY_get0_public_key(ecdh) == NULL) \|\|	1408	(EC_KEY_get0_public_key(ecdh) == NULL) \|\|
1409	(EC_KEY_get0_private_key(ecdh) == NULL)) {	1409	(EC_KEY_get0_private_key(ecdh) == NULL)) {
1410	SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);	1410	SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
		1411	ERR_R_ECDH_LIB);
1411	goto err;	1412	goto err;
1412	}	1413	}
1413		1414


diff --git a/src/lib/libssl/src/ssl/d1_pkt.c b/src/lib/libssl/src/ssl/d1_pkt.c index a3ba33548e..60c1236f53 100644 --- a/src/lib/libssl/src/ssl/d1_pkt.c +++ b/src/lib/libssl/src/ssl/d1_pkt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: d1_pkt.c,v 1.41 2015/06/13 08:38:10 doug Exp $ */	1	/* $OpenBSD: d1_pkt.c,v 1.42 2015/06/17 07:29:33 doug Exp $ */
2	/*	2	/*
3	* DTLS implementation written by Nagendra Modadugu	3	* DTLS implementation written by Nagendra Modadugu
4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.	4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -575,20 +575,21 @@ again:
575	/* get another record */	575	/* get another record */
576	}	576	}
577		577
578	/* Check whether this is a repeat, or aged record.	578	/*
579	* Don't check if we're listening and this message is	579	* Check whether this is a repeat, or aged record.
580	* a ClientHello. They can look as if they're replayed,	580	* Don't check if we're listening and this message is
581	* since they arrive from different connections and	581	* a ClientHello. They can look as if they're replayed,
582	* would be dropped unnecessarily.	582	* since they arrive from different connections and
583	*/	583	* would be dropped unnecessarily.
584	if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE &&	584	*/
585	p != NULL && *p == SSL3_MT_CLIENT_HELLO) &&	585	if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE &&
586	!dtls1_record_replay_check(s, bitmap)) {	586	p != NULL && *p == SSL3_MT_CLIENT_HELLO) &&
587	rr->length = 0;	587	!dtls1_record_replay_check(s, bitmap)) {
588	s->packet_length=0; /* dump this record */	588	rr->length = 0;
589	goto again;	589	s->packet_length=0; /* dump this record */
590	/* get another record */	590	goto again;
591	}	591	/* get another record */
		592	}
592		593
593	/* just read a 0 length packet */	594	/* just read a 0 length packet */
594	if (rr->length == 0)	595	if (rr->length == 0)


diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c index 1aa39c2863..867e796529 100644 --- a/src/lib/libssl/src/ssl/s3_srvr.c +++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_srvr.c,v 1.106 2015/06/15 05:32:58 doug Exp $ */	1	/* $OpenBSD: s3_srvr.c,v 1.107 2015/06/17 07:29:33 doug Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1407,7 +1407,8 @@ ssl3_send_server_key_exchange(SSL *s)
1407	if (((group = EC_KEY_get0_group(ecdh)) == NULL) \|\|	1407	if (((group = EC_KEY_get0_group(ecdh)) == NULL) \|\|
1408	(EC_KEY_get0_public_key(ecdh) == NULL) \|\|	1408	(EC_KEY_get0_public_key(ecdh) == NULL) \|\|
1409	(EC_KEY_get0_private_key(ecdh) == NULL)) {	1409	(EC_KEY_get0_private_key(ecdh) == NULL)) {
1410	SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);	1410	SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
		1411	ERR_R_ECDH_LIB);
1411	goto err;	1412	goto err;
1412	}	1413	}
1413		1414