Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src sync with 0.9.6f. prevents DoS attack and regen of manpages.
details: https://anonhg.NetBSD.org/src/rev/83f8807a0b3b
branches: trunk
changeset: 535034:83f8807a0b3b
user: itojun <itojun%NetBSD.org@localhost>
date: Thu Aug 08 23:47:34 2002 +0000
description:
sync with 0.9.6f. prevents DoS attack and regen of manpages.
diffstat:
crypto/dist/openssl/CHANGES | 11 ++-
crypto/dist/openssl/FAQ | 2 +-
crypto/dist/openssl/crypto/cryptlib.c | 8 --
crypto/dist/openssl/crypto/cryptlib.h | 4 -
crypto/dist/openssl/ssl/s2_clnt.c | 41 +++++++++--
crypto/dist/openssl/ssl/s2_lib.c | 32 +++++++--
crypto/dist/openssl/ssl/s2_srvr.c | 58 +++++++++++++----
crypto/dist/openssl/ssl/s3_clnt.c | 6 +-
crypto/dist/openssl/ssl/s3_srvr.c | 6 +-
crypto/dist/openssl/ssl/ssl.h | 6 +
crypto/dist/openssl/ssl/ssl_asn1.c | 5 +-
crypto/dist/openssl/ssl/ssl_err.c | 6 +
crypto/dist/openssl/ssl/ssl_locl.h | 2 +-
crypto/dist/openssl/ssl/ssl_sess.c | 7 +-
lib/libcrypto/man/BIO_ctrl.3 | 6 +-
lib/libcrypto/man/BIO_f_base64.3 | 6 +-
lib/libcrypto/man/BIO_f_buffer.3 | 6 +-
lib/libcrypto/man/BIO_f_cipher.3 | 6 +-
lib/libcrypto/man/BIO_f_md.3 | 6 +-
lib/libcrypto/man/BIO_f_null.3 | 6 +-
lib/libcrypto/man/BIO_f_ssl.3 | 6 +-
lib/libcrypto/man/BIO_find_type.3 | 6 +-
lib/libcrypto/man/BIO_new.3 | 6 +-
lib/libcrypto/man/BIO_new_bio_pair.3 | 6 +-
lib/libcrypto/man/BIO_push.3 | 6 +-
lib/libcrypto/man/BIO_read.3 | 6 +-
lib/libcrypto/man/BIO_s_accept.3 | 6 +-
lib/libcrypto/man/BIO_s_bio.3 | 6 +-
lib/libcrypto/man/BIO_s_connect.3 | 6 +-
lib/libcrypto/man/BIO_s_fd.3 | 6 +-
lib/libcrypto/man/BIO_s_file.3 | 6 +-
lib/libcrypto/man/BIO_s_mem.3 | 6 +-
lib/libcrypto/man/BIO_s_null.3 | 6 +-
lib/libcrypto/man/BIO_s_socket.3 | 6 +-
lib/libcrypto/man/BIO_set_callback.3 | 6 +-
lib/libcrypto/man/BIO_should_retry.3 | 6 +-
lib/libcrypto/man/BN_CTX_new.3 | 6 +-
lib/libcrypto/man/BN_CTX_start.3 | 6 +-
lib/libcrypto/man/BN_add.3 | 6 +-
lib/libcrypto/man/BN_add_word.3 | 6 +-
lib/libcrypto/man/BN_bn2bin.3 | 6 +-
lib/libcrypto/man/BN_cmp.3 | 6 +-
lib/libcrypto/man/BN_copy.3 | 6 +-
lib/libcrypto/man/BN_generate_prime.3 | 6 +-
lib/libcrypto/man/BN_mod_inverse.3 | 6 +-
lib/libcrypto/man/BN_mod_mul_montgomery.3 | 6 +-
lib/libcrypto/man/BN_mod_mul_reciprocal.3 | 6 +-
lib/libcrypto/man/BN_new.3 | 6 +-
lib/libcrypto/man/BN_num_bytes.3 | 6 +-
lib/libcrypto/man/BN_rand.3 | 6 +-
lib/libcrypto/man/BN_set_bit.3 | 6 +-
lib/libcrypto/man/BN_zero.3 | 6 +-
lib/libcrypto/man/CRYPTO_set_ex_data.3 | 6 +-
lib/libcrypto/man/DH_generate_key.3 | 6 +-
lib/libcrypto/man/DH_generate_parameters.3 | 6 +-
lib/libcrypto/man/DH_get_ex_new_index.3 | 6 +-
lib/libcrypto/man/DH_new.3 | 6 +-
lib/libcrypto/man/DH_set_method.3 | 6 +-
lib/libcrypto/man/DH_size.3 | 6 +-
lib/libcrypto/man/DSA_SIG_new.3 | 6 +-
lib/libcrypto/man/DSA_do_sign.3 | 6 +-
lib/libcrypto/man/DSA_dup_DH.3 | 6 +-
lib/libcrypto/man/DSA_generate_key.3 | 6 +-
lib/libcrypto/man/DSA_generate_parameters.3 | 6 +-
lib/libcrypto/man/DSA_get_ex_new_index.3 | 6 +-
lib/libcrypto/man/DSA_new.3 | 6 +-
lib/libcrypto/man/DSA_set_method.3 | 6 +-
lib/libcrypto/man/DSA_sign.3 | 6 +-
lib/libcrypto/man/DSA_size.3 | 6 +-
lib/libcrypto/man/ERR_GET_LIB.3 | 6 +-
lib/libcrypto/man/ERR_clear_error.3 | 6 +-
lib/libcrypto/man/ERR_error_string.3 | 6 +-
lib/libcrypto/man/ERR_get_error.3 | 6 +-
lib/libcrypto/man/ERR_load_crypto_strings.3 | 6 +-
lib/libcrypto/man/ERR_load_strings.3 | 6 +-
lib/libcrypto/man/ERR_print_errors.3 | 6 +-
lib/libcrypto/man/ERR_put_error.3 | 6 +-
lib/libcrypto/man/ERR_remove_state.3 | 6 +-
lib/libcrypto/man/EVP_DigestInit.3 | 6 +-
lib/libcrypto/man/EVP_EncryptInit.3 | 6 +-
lib/libcrypto/man/EVP_OpenInit.3 | 6 +-
lib/libcrypto/man/EVP_SealInit.3 | 6 +-
lib/libcrypto/man/EVP_SignInit.3 | 6 +-
lib/libcrypto/man/EVP_VerifyInit.3 | 6 +-
lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 | 6 +-
lib/libcrypto/man/OpenSSL_add_all_algorithms.3 | 6 +-
lib/libcrypto/man/RAND_add.3 | 6 +-
lib/libcrypto/man/RAND_bytes.3 | 6 +-
lib/libcrypto/man/RAND_cleanup.3 | 6 +-
lib/libcrypto/man/RAND_egd.3 | 6 +-
lib/libcrypto/man/RAND_load_file.3 | 6 +-
lib/libcrypto/man/RAND_set_rand_method.3 | 6 +-
lib/libcrypto/man/RSA_blinding_on.3 | 6 +-
lib/libcrypto/man/RSA_check_key.3 | 6 +-
lib/libcrypto/man/RSA_generate_key.3 | 6 +-
lib/libcrypto/man/RSA_get_ex_new_index.3 | 6 +-
lib/libcrypto/man/RSA_new.3 | 6 +-
lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 | 6 +-
lib/libcrypto/man/RSA_print.3 | 6 +-
lib/libcrypto/man/RSA_private_encrypt.3 | 6 +-
lib/libcrypto/man/RSA_public_encrypt.3 | 6 +-
lib/libcrypto/man/RSA_set_method.3 | 6 +-
lib/libcrypto/man/RSA_sign.3 | 6 +-
lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 | 6 +-
lib/libcrypto/man/RSA_size.3 | 6 +-
lib/libcrypto/man/SSL_CIPHER_get_name.3 | 6 +-
lib/libcrypto/man/SSL_COMP_add_compression_method.3 | 6 +-
lib/libcrypto/man/SSL_CTX_add_extra_chain_cert.3 | 6 +-
lib/libcrypto/man/SSL_CTX_add_session.3 | 6 +-
lib/libcrypto/man/SSL_CTX_ctrl.3 | 6 +-
lib/libcrypto/man/SSL_CTX_flush_sessions.3 | 6 +-
lib/libcrypto/man/SSL_CTX_free.3 | 6 +-
lib/libcrypto/man/SSL_CTX_get_ex_new_index.3 | 6 +-
lib/libcrypto/man/SSL_CTX_get_verify_mode.3 | 6 +-
lib/libcrypto/man/SSL_CTX_load_verify_locations.3 | 6 +-
lib/libcrypto/man/SSL_CTX_new.3 | 6 +-
lib/libcrypto/man/SSL_CTX_sess_number.3 | 6 +-
lib/libcrypto/man/SSL_CTX_sess_set_cache_size.3 | 6 +-
lib/libcrypto/man/SSL_CTX_sess_set_get_cb.3 | 6 +-
lib/libcrypto/man/SSL_CTX_sessions.3 | 6 +-
lib/libcrypto/man/SSL_CTX_set_cert_store.3 | 8 +-
lib/libcrypto/man/SSL_CTX_set_cert_verify_callback.3 | 6 +-
lib/libcrypto/man/SSL_CTX_set_cipher_list.3 | 6 +-
lib/libcrypto/man/SSL_CTX_set_client_CA_list.3 | 6 +-
lib/libcrypto/man/SSL_CTX_set_client_cert_cb.3 | 54 +++++++---------
lib/libcrypto/man/SSL_CTX_set_default_passwd_cb.3 | 6 +-
lib/libcrypto/man/SSL_CTX_set_info_callback.3 | 6 +-
lib/libcrypto/man/SSL_CTX_set_mode.3 | 6 +-
lib/libcrypto/man/SSL_CTX_set_options.3 | 6 +-
lib/libcrypto/man/SSL_CTX_set_quiet_shutdown.3 | 6 +-
lib/libcrypto/man/SSL_CTX_set_session_cache_mode.3 | 6 +-
lib/libcrypto/man/SSL_CTX_set_session_id_context.3 | 6 +-
lib/libcrypto/man/SSL_CTX_set_ssl_version.3 | 6 +-
lib/libcrypto/man/SSL_CTX_set_timeout.3 | 6 +-
lib/libcrypto/man/SSL_CTX_set_tmp_dh_callback.3 | 6 +-
lib/libcrypto/man/SSL_CTX_set_tmp_rsa_callback.3 | 6 +-
lib/libcrypto/man/SSL_CTX_set_verify.3 | 6 +-
lib/libcrypto/man/SSL_CTX_use_certificate.3 | 6 +-
lib/libcrypto/man/SSL_SESSION_free.3 | 6 +-
lib/libcrypto/man/SSL_SESSION_get_ex_new_index.3 | 6 +-
lib/libcrypto/man/SSL_SESSION_get_time.3 | 6 +-
lib/libcrypto/man/SSL_accept.3 | 6 +-
lib/libcrypto/man/SSL_alert_type_string.3 | 6 +-
lib/libcrypto/man/SSL_clear.3 | 6 +-
lib/libcrypto/man/SSL_connect.3 | 6 +-
lib/libcrypto/man/SSL_do_handshake.3 | 6 +-
lib/libcrypto/man/SSL_free.3 | 6 +-
lib/libcrypto/man/SSL_get_SSL_CTX.3 | 6 +-
lib/libcrypto/man/SSL_get_ciphers.3 | 6 +-
lib/libcrypto/man/SSL_get_client_CA_list.3 | 6 +-
lib/libcrypto/man/SSL_get_current_cipher.3 | 6 +-
lib/libcrypto/man/SSL_get_default_timeout.3 | 6 +-
lib/libcrypto/man/SSL_get_error.3 | 6 +-
lib/libcrypto/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 | 6 +-
lib/libcrypto/man/SSL_get_ex_new_index.3 | 6 +-
lib/libcrypto/man/SSL_get_fd.3 | 6 +-
lib/libcrypto/man/SSL_get_peer_cert_chain.3 | 6 +-
lib/libcrypto/man/SSL_get_peer_certificate.3 | 6 +-
lib/libcrypto/man/SSL_get_rbio.3 | 6 +-
lib/libcrypto/man/SSL_get_session.3 | 6 +-
lib/libcrypto/man/SSL_get_verify_result.3 | 6 +-
lib/libcrypto/man/SSL_get_version.3 | 6 +-
lib/libcrypto/man/SSL_library_init.3 | 6 +-
lib/libcrypto/man/SSL_load_client_CA_file.3 | 6 +-
lib/libcrypto/man/SSL_new.3 | 6 +-
lib/libcrypto/man/SSL_pending.3 | 6 +-
lib/libcrypto/man/SSL_read.3 | 6 +-
lib/libcrypto/man/SSL_rstate_string.3 | 6 +-
lib/libcrypto/man/SSL_session_reused.3 | 6 +-
lib/libcrypto/man/SSL_set_bio.3 | 6 +-
lib/libcrypto/man/SSL_set_connect_state.3 | 6 +-
lib/libcrypto/man/SSL_set_fd.3 | 6 +-
lib/libcrypto/man/SSL_set_session.3 | 6 +-
lib/libcrypto/man/SSL_set_shutdown.3 | 6 +-
lib/libcrypto/man/SSL_set_verify_result.3 | 6 +-
lib/libcrypto/man/SSL_shutdown.3 | 6 +-
lib/libcrypto/man/SSL_state_string.3 | 6 +-
lib/libcrypto/man/SSL_want.3 | 6 +-
lib/libcrypto/man/SSL_write.3 | 6 +-
lib/libcrypto/man/crypto.3 | 6 +-
lib/libcrypto/man/d2i_DHparams.3 | 6 +-
lib/libcrypto/man/d2i_RSAPublicKey.3 | 6 +-
lib/libcrypto/man/d2i_SSL_SESSION.3 | 6 +-
lib/libcrypto/man/des_modes.7 | 4 +-
lib/libcrypto/man/lh_stats.3 | 6 +-
lib/libcrypto/man/openssl.1 | 6 +-
lib/libcrypto/man/openssl.cnf.5 | 6 +-
lib/libcrypto/man/openssl_CA.pl.1 | 6 +-
lib/libcrypto/man/openssl_asn1parse.1 | 6 +-
lib/libcrypto/man/openssl_bio.3 | 6 +-
lib/libcrypto/man/openssl_blowfish.3 | 6 +-
lib/libcrypto/man/openssl_bn.3 | 6 +-
lib/libcrypto/man/openssl_bn_internal.3 | 6 +-
lib/libcrypto/man/openssl_buffer.3 | 6 +-
lib/libcrypto/man/openssl_ca.1 | 6 +-
lib/libcrypto/man/openssl_ciphers.1 | 6 +-
lib/libcrypto/man/openssl_crl.1 | 6 +-
lib/libcrypto/man/openssl_crl2pkcs7.1 | 6 +-
lib/libcrypto/man/openssl_des.3 | 6 +-
lib/libcrypto/man/openssl_dgst.1 | 6 +-
lib/libcrypto/man/openssl_dh.3 | 6 +-
lib/libcrypto/man/openssl_dhparam.1 | 6 +-
lib/libcrypto/man/openssl_dsa.1 | 6 +-
lib/libcrypto/man/openssl_dsa.3 | 6 +-
lib/libcrypto/man/openssl_dsaparam.1 | 6 +-
lib/libcrypto/man/openssl_enc.1 | 6 +-
lib/libcrypto/man/openssl_err.3 | 6 +-
lib/libcrypto/man/openssl_evp.3 | 6 +-
lib/libcrypto/man/openssl_gendsa.1 | 6 +-
lib/libcrypto/man/openssl_genrsa.1 | 6 +-
lib/libcrypto/man/openssl_hmac.3 | 6 +-
lib/libcrypto/man/openssl_lhash.3 | 6 +-
lib/libcrypto/man/openssl_md5.3 | 6 +-
lib/libcrypto/man/openssl_mdc2.3 | 6 +-
lib/libcrypto/man/openssl_nseq.1 | 6 +-
lib/libcrypto/man/openssl_passwd.1 | 6 +-
lib/libcrypto/man/openssl_pkcs12.1 | 6 +-
lib/libcrypto/man/openssl_pkcs7.1 | 6 +-
lib/libcrypto/man/openssl_pkcs8.1 | 6 +-
lib/libcrypto/man/openssl_rand.1 | 6 +-
lib/libcrypto/man/openssl_rand.3 | 6 +-
lib/libcrypto/man/openssl_rc4.3 | 6 +-
lib/libcrypto/man/openssl_req.1 | 6 +-
lib/libcrypto/man/openssl_ripemd.3 | 6 +-
lib/libcrypto/man/openssl_rsa.1 | 6 +-
lib/libcrypto/man/openssl_rsa.3 | 6 +-
lib/libcrypto/man/openssl_rsautl.1 | 6 +-
lib/libcrypto/man/openssl_s_client.1 | 6 +-
lib/libcrypto/man/openssl_s_server.1 | 6 +-
lib/libcrypto/man/openssl_sess_id.1 | 6 +-
lib/libcrypto/man/openssl_sha.3 | 6 +-
lib/libcrypto/man/openssl_smime.1 | 6 +-
lib/libcrypto/man/openssl_speed.1 | 6 +-
lib/libcrypto/man/openssl_spkac.1 | 6 +-
lib/libcrypto/man/openssl_threads.3 | 6 +-
lib/libcrypto/man/openssl_verify.1 | 6 +-
lib/libcrypto/man/openssl_version.1 | 6 +-
lib/libcrypto/man/openssl_x509.1 | 6 +-
lib/libcrypto/man/ssl.3 | 6 +-
239 files changed, 837 insertions(+), 755 deletions(-)
diffs (truncated from 5563 to 300 lines):
diff -r 3036be63c4e6 -r 83f8807a0b3b crypto/dist/openssl/CHANGES
--- a/crypto/dist/openssl/CHANGES Thu Aug 08 23:14:54 2002 +0000
+++ b/crypto/dist/openssl/CHANGES Thu Aug 08 23:47:34 2002 +0000
@@ -2,11 +2,18 @@
OpenSSL CHANGES
_______________
+ Changes between 0.9.6e and 0.9.6f [8 Aug 2002]
+
*) Fix ASN1 checks. Check for overflow by comparing with LONG_MAX
and get fix the header length calculation.
[Florian Weimer <Weimer%CERT.Uni-Stuttgart.DE@localhost>,
- Alon Kantor <alonk%checkpoint.com@localhost> (and others),
- Steve Henson]
+ Alon Kantor <alonk%checkpoint.com@localhost> (and others),
+ Steve Henson]
+
+ *) Use proper error handling instead of 'assertions' in buffer
+ overflow checks added in 0.9.6e. This prevents DoS (the
+ assertions could call abort()).
+ [Arne Ansper <arne%ats.cyber.ee@localhost>, Bodo Moeller]
Changes between 0.9.6d and 0.9.6e [30 Jul 2002]
diff -r 3036be63c4e6 -r 83f8807a0b3b crypto/dist/openssl/FAQ
--- a/crypto/dist/openssl/FAQ Thu Aug 08 23:14:54 2002 +0000
+++ b/crypto/dist/openssl/FAQ Thu Aug 08 23:47:34 2002 +0000
@@ -61,7 +61,7 @@
* Which is the current version of OpenSSL?
The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.6e was released on 30 May, 2002.
+OpenSSL 0.9.6f was released on 8 August 2002.
In addition to the current stable release, you can also access daily
snapshots of the OpenSSL development version at <URL:
diff -r 3036be63c4e6 -r 83f8807a0b3b crypto/dist/openssl/crypto/cryptlib.c
--- a/crypto/dist/openssl/crypto/cryptlib.c Thu Aug 08 23:14:54 2002 +0000
+++ b/crypto/dist/openssl/crypto/cryptlib.c Thu Aug 08 23:47:34 2002 +0000
@@ -491,11 +491,3 @@
#endif
#endif
-
-void OpenSSLDie(const char *file,int line,const char *assertion)
- {
- fprintf(stderr,"%s(%d): OpenSSL internal error, assertion failed: %s\n",
- file,line,assertion);
- abort();
- }
-
diff -r 3036be63c4e6 -r 83f8807a0b3b crypto/dist/openssl/crypto/cryptlib.h
--- a/crypto/dist/openssl/crypto/cryptlib.h Thu Aug 08 23:14:54 2002 +0000
+++ b/crypto/dist/openssl/crypto/cryptlib.h Thu Aug 08 23:47:34 2002 +0000
@@ -93,10 +93,6 @@
#define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1)
#define HEX_SIZE(type) ((sizeof(type)*2)
-/* die if we have to */
-void OpenSSLDie(const char *file,int line,const char *assertion);
-#define die(e) ((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e))
-
#ifdef __cplusplus
}
#endif
diff -r 3036be63c4e6 -r 83f8807a0b3b crypto/dist/openssl/ssl/s2_clnt.c
--- a/crypto/dist/openssl/ssl/s2_clnt.c Thu Aug 08 23:14:54 2002 +0000
+++ b/crypto/dist/openssl/ssl/s2_clnt.c Thu Aug 08 23:47:34 2002 +0000
@@ -518,7 +518,12 @@
}
s->s2->conn_id_length=s->s2->tmp.conn_id_length;
- die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
+ if (s->s2->conn_id_length > sizeof s->s2->conn_id)
+ {
+ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+ SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_SSL2_CONNECTION_ID_TOO_LONG);
+ return -1;
+ }
memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length);
return(1);
}
@@ -620,7 +625,12 @@
/* make key_arg data */
i=EVP_CIPHER_iv_length(c);
sess->key_arg_length=i;
- die(i <= SSL_MAX_KEY_ARG_LENGTH);
+ if (i > SSL_MAX_KEY_ARG_LENGTH)
+ {
+ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+ SSLerr(SSL_F_CLIENT_MASTER_KEY, SSL_R_INTERNAL_ERROR);
+ return -1;
+ }
if (i > 0) RAND_pseudo_bytes(sess->key_arg,i);
/* make a master key */
@@ -628,7 +638,12 @@
sess->master_key_length=i;
if (i > 0)
{
- die(i <= sizeof sess->master_key);
+ if (i > sizeof sess->master_key)
+ {
+ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+ SSLerr(SSL_F_CLIENT_MASTER_KEY, SSL_R_INTERNAL_ERROR);
+ return -1;
+ }
if (RAND_bytes(sess->master_key,i) <= 0)
{
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
@@ -672,7 +687,12 @@
d+=enc;
karg=sess->key_arg_length;
s2n(karg,p); /* key arg size */
- die(karg <= sizeof sess->key_arg);
+ if (karg > sizeof sess->key_arg)
+ {
+ ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+ SSLerr(SSL_F_CLIENT_MASTER_KEY, SSL_R_INTERNAL_ERROR);
+ return -1;
+ }
memcpy(d,sess->key_arg,(unsigned int)karg);
d+=karg;
@@ -693,7 +713,11 @@
{
p=(unsigned char *)s->init_buf->data;
*(p++)=SSL2_MT_CLIENT_FINISHED;
- die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
+ if (s->s2->conn_id_length > sizeof s->s2->conn_id)
+ {
+ SSLerr(SSL_F_CLIENT_FINISHED, SSL_R_INTERNAL_ERROR);
+ return -1;
+ }
memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length);
s->state=SSL2_ST_SEND_CLIENT_FINISHED_B;
@@ -950,10 +974,9 @@
{
if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))
{
- die(s->session->session_id_length
- <= sizeof s->session->session_id);
- if (memcmp(buf,s->session->session_id,
- (unsigned int)s->session->session_id_length) != 0)
+ if ((s->session->session_id_length > sizeof s->session->session_id)
+ || (0 != memcmp(buf, s->session->session_id,
+ (unsigned int)s->session->session_id_length)))
{
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_SSL_SESSION_ID_IS_DIFFERENT);
diff -r 3036be63c4e6 -r 83f8807a0b3b crypto/dist/openssl/ssl/s2_lib.c
--- a/crypto/dist/openssl/ssl/s2_lib.c Thu Aug 08 23:14:54 2002 +0000
+++ b/crypto/dist/openssl/ssl/s2_lib.c Thu Aug 08 23:47:34 2002 +0000
@@ -417,7 +417,7 @@
return(3);
}
-void ssl2_generate_key_material(SSL *s)
+int ssl2_generate_key_material(SSL *s)
{
unsigned int i;
MD5_CTX ctx;
@@ -430,14 +430,24 @@
#endif
km=s->s2->key_material;
- die(s->s2->key_material_length <= sizeof s->s2->key_material);
+
+ if (s->session->master_key_length < 0 || s->session->master_key_length > sizeof s->session->master_key)
+ {
+ SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, SSL_R_INTERNAL_ERROR);
+ return 0;
+ }
+
for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH)
{
+ if (((km - s->s2->key_material) + MD5_DIGEST_LENGTH) > sizeof s->s2->key_material)
+ {
+ /* MD5_Final() below would write beyond buffer */
+ SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, SSL_R_INTERNAL_ERROR);
+ return 0;
+ }
+
MD5_Init(&ctx);
- die(s->session->master_key_length >= 0
- && s->session->master_key_length
- < sizeof s->session->master_key);
MD5_Update(&ctx,s->session->master_key,s->session->master_key_length);
MD5_Update(&ctx,&c,1);
c++;
@@ -446,6 +456,8 @@
MD5_Final(km,&ctx);
km+=MD5_DIGEST_LENGTH;
}
+
+ return 1;
}
void ssl2_return_error(SSL *s, int err)
@@ -470,18 +482,20 @@
buf[2]=(s->error_code)&0xff;
/* state=s->rwstate;*/
- error=s->error;
+
+ error=s->error; /* number of bytes left to write */
s->error=0;
- die(error >= 0 && error <= 3);
+ if (error < 0 || error > sizeof buf) /* can't happen */
+ return;
+
i=ssl2_write(s,&(buf[3-error]),error);
+
/* if (i == error) s->rwstate=state; */
if (i < 0)
s->error=error;
else if (i != s->error)
s->error=error-i;
- /* else
- s->error=0; */
}
int ssl2_shutdown(SSL *s)
diff -r 3036be63c4e6 -r 83f8807a0b3b crypto/dist/openssl/ssl/s2_srvr.c
--- a/crypto/dist/openssl/ssl/s2_srvr.c Thu Aug 08 23:14:54 2002 +0000
+++ b/crypto/dist/openssl/ssl/s2_srvr.c Thu Aug 08 23:47:34 2002 +0000
@@ -399,8 +399,7 @@
SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_READ_WRONG_PACKET_TYPE);
}
else
- SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
- SSL_R_PEER_ERROR);
+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_PEER_ERROR);
return(-1);
}
@@ -408,8 +407,7 @@
if (cp == NULL)
{
ssl2_return_error(s,SSL2_PE_NO_CIPHER);
- SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
- SSL_R_NO_CIPHER_MATCH);
+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_NO_CIPHER_MATCH);
return(-1);
}
s->session->cipher= cp;
@@ -420,8 +418,8 @@
n2s(p,i); s->session->key_arg_length=i;
if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH)
{
- SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
- SSL_R_KEY_ARG_TOO_LONG);
+ ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_KEY_ARG_TOO_LONG);
return -1;
}
s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B;
@@ -429,11 +427,17 @@
/* SSL2_ST_GET_CLIENT_MASTER_KEY_B */
p=(unsigned char *)s->init_buf->data;
- die(s->init_buf->length >= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER);
+ if (s->init_buf->length < SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
+ {
+ ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_INTERNAL_ERROR);
+ return -1;
+ }
keya=s->session->key_arg_length;
len = 10 + (unsigned long)s->s2->tmp.clear + (unsigned long)s->s2->tmp.enc + (unsigned long)keya;
if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
{
+ ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_MESSAGE_TOO_LONG);
return -1;
}
@@ -510,7 +514,13 @@
#endif
if (is_export) i+=s->s2->tmp.clear;
- die(i <= SSL_MAX_MASTER_KEY_LENGTH);
+
+ if (i > SSL_MAX_MASTER_KEY_LENGTH)
+ {
+ ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_INTERNAL_ERROR);
+ return -1;
+ }
s->session->master_key_length=i;
memcpy(s->session->master_key,p,(unsigned int)i);
return(1);
@@ -560,6 +570,7 @@
if ( (i < SSL2_MIN_CHALLENGE_LENGTH) ||
(i > SSL2_MAX_CHALLENGE_LENGTH))
{
+ ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_INVALID_CHALLENGE_LENGTH);
Home |
Main Index |
Thread Index |
Old Index