generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

merge in changes in OpenSSL_0_9_6-stable (conflicts resolved)

Browse Source
This commit is contained in:
Bodo Möller 2002-08-02 11:38:07 +00:00
parent bb34d6de74
commit 1ce60f02d3
20 changed files with 160 additions and 57 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CHANGES
View File

@ -4,7 +4,10 @@
Changes between 0.9.6e and 0.9.6f [XX xxx XXXX]
*)
*) Use proper error handling instead of 'assertions' in buffer
overflow checks added in 0.9.6e. This prevents DoS (the
assertions could call abort()).
[Arne Ansper <arne@ats.cyber.ee>, Bodo Moeller]
Changes between 0.9.6d and 0.9.6e [30 Jul 2002]
@ -29,7 +32,6 @@
applications.
[Bodo Moeller]
*) Changes in security patch:
Changes marked "(CHATS)" were sponsored by the Defense Advanced

4
Configure
View File

@ -354,8 +354,8 @@ my %table=(
"linux-mips", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::",
"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-m68k", "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
"linux-s390", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
"linux-s390x", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::SIXTY_FOUR_BIT_LONG:::::::::::linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-s390", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR),\$(SHLIB_MINOR)",
"linux-s390x", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"NetBSD-sparc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"NetBSD-m68", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

14
Makefile.org
View File

@ -247,7 +247,8 @@ link-shared:
for i in $(SHLIBDIRS); do \
prev=lib$$i$(SHLIB_EXT); \
for j in $${tmp:-x}; do \
( set -x; ln -f -s $$prev lib$$i$$j ); \
( set -x; \
rm -f lib$$i$$j; ln -s $$prev lib$$i$$j ); \
prev=lib$$i$$j; \
done; \
done; \
@ -676,7 +677,7 @@ install: all install_docs
done; \
( here="`pwd`"; \
cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
make -f $$here/Makefile link-shared ); \
$(MAKE) -f $$here/Makefile link-shared ); \
fi
install_docs:
@ -685,22 +686,23 @@ install_docs:
$(INSTALL_PREFIX)$(MANDIR)/man3 \
$(INSTALL_PREFIX)$(MANDIR)/man5 \
$(INSTALL_PREFIX)$(MANDIR)/man7
@for i in doc/apps/*.pod; do \
@pod2man=`cd ../../util; ./pod2mantest ignore`; \
for i in doc/apps/*.pod; do \
fn=`basename $$i .pod`; \
if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
(cd `$(PERL) util/dirname.pl $$i`; \
sh -c "$(PERL) `cd ../../util; ./pod2mantest ignore` \
sh -c "$(PERL) $$pod2man \
--section=$$sec --center=OpenSSL \
--release=$(VERSION) `basename $$i`") \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
done
done; \
@for i in doc/crypto/*.pod doc/ssl/*.pod; do \
fn=`basename $$i .pod`; \
if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
(cd `$(PERL) util/dirname.pl $$i`; \
sh -c "$(PERL) `cd ../../util; ./pod2mantest ignore` \
sh -c "$(PERL) $$pod2man \
--section=$$sec --center=OpenSSL \
--release=$(VERSION) `basename $$i`") \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \

8
PROBLEMS
View File

@ -32,3 +32,11 @@ may differ on your machine.
As long as Apple doesn't fix the problem with ld, this problem building
OpenSSL will remain as is.
* Parallell make leads to errors
While running tests, running a parallell make is a bad idea. Many test
scripts use the same name for output and input files, which means different
will interfere with each other and lead to test failure.
The solution is simple for now: don't run parallell make when testing.

2
STATUS
View File

@ -1,6 +1,6 @@
OpenSSL STATUS Last modified at
______________ $Date: 2002/07/30 10:38:17 $
______________ $Date: 2002/08/02 11:36:42 $
DEVELOPMENT STATE

1
config
View File

@ -392,6 +392,7 @@ if [ "$GCCVER" != "" ]; then
else
CC=cc
fi
GCCVER=${GCCVER:-0}
if [ "$SYSTEM" = "HP-UX" ];then
# By default gcc is a ILP32 compiler (with long long == 64).
GCC_BITS="32"

4
crypto/cryptlib.h
View File

@ -93,10 +93,6 @@ extern "C" {
#define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1)
#define HEX_SIZE(type) ((sizeof(type)*2)
/* die if we have to */
void OpenSSLDie(const char *file,int line,const char *assertion);
#define die(e) ((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e))
#ifdef __cplusplus
}
#endif

3
crypto/mem.c
View File

@ -226,6 +226,9 @@ void *CRYPTO_realloc(void *str, int num, const char *file, int line)
{
void *ret = NULL;
if (str == NULL)
return CRYPTO_malloc(num, file, line);
if (realloc_debug_func != NULL)
realloc_debug_func(str, NULL, num, file, line, 0);
ret = realloc_func(str,num);

41
ssl/s2_clnt.c
View File

@ -518,7 +518,12 @@ static int get_server_hello(SSL *s)
}
s->s2->conn_id_length=s->s2->tmp.conn_id_length;
die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
if (s->s2->conn_id_length > sizeof s->s2->conn_id)
{
ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_SSL2_CONNECTION_ID_TOO_LONG);
return -1;
}
memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length);
return(1);
}
@ -620,7 +625,12 @@ static int client_master_key(SSL *s)
/* make key_arg data */
i=EVP_CIPHER_iv_length(c);
sess->key_arg_length=i;
die(i <= SSL_MAX_KEY_ARG_LENGTH);
if (i > SSL_MAX_KEY_ARG_LENGTH)
{
ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_CLIENT_MASTER_KEY, SSL_R_INTERNAL_ERROR);
return -1;
}
if (i > 0) RAND_pseudo_bytes(sess->key_arg,i);
/* make a master key */
@ -628,7 +638,12 @@ static int client_master_key(SSL *s)
sess->master_key_length=i;
if (i > 0)
{
die(i <= sizeof sess->master_key);
if (i > sizeof sess->master_key)
{
ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_CLIENT_MASTER_KEY, SSL_R_INTERNAL_ERROR);
return -1;
}
if (RAND_bytes(sess->master_key,i) <= 0)
{
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
@ -672,7 +687,12 @@ static int client_master_key(SSL *s)
d+=enc;
karg=sess->key_arg_length;
s2n(karg,p); /* key arg size */
die(karg <= sizeof sess->key_arg);
if (karg > sizeof sess->key_arg)
{
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_CLIENT_MASTER_KEY, SSL_R_INTERNAL_ERROR);
return -1;
}
memcpy(d,sess->key_arg,(unsigned int)karg);
d+=karg;
@ -693,7 +713,11 @@ static int client_finished(SSL *s)
{
p=(unsigned char *)s->init_buf->data;
*(p++)=SSL2_MT_CLIENT_FINISHED;
die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
if (s->s2->conn_id_length > sizeof s->s2->conn_id)
{
SSLerr(SSL_F_CLIENT_FINISHED, SSL_R_INTERNAL_ERROR);
return -1;
}
memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length);
s->state=SSL2_ST_SEND_CLIENT_FINISHED_B;
@ -950,10 +974,9 @@ static int get_server_finished(SSL *s)
{
if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))
{
die(s->session->session_id_length
<= sizeof s->session->session_id);
if (memcmp(buf,s->session->session_id,
(unsigned int)s->session->session_id_length) != 0)
if ((s->session->session_id_length > sizeof s->session->session_id)
|| (0 != memcmp(buf, s->session->session_id,
(unsigned int)s->session->session_id_length)))
{
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_SSL_SESSION_ID_IS_DIFFERENT);

3
ssl/s2_enc.c
View File

@ -96,7 +96,8 @@ int ssl2_enc_init(SSL *s, int client)
num=c->key_len;
s->s2->key_material_length=num*2;
ssl2_generate_key_material(s);
if (ssl2_generate_key_material(s) <= 0)
return 0;
EVP_EncryptInit(ws,c,&(s->s2->key_material[(client)?num:0]),
s->session->key_arg);

32
ssl/s2_lib.c
View File

@ -415,7 +415,7 @@ int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
return(3);
}
void ssl2_generate_key_material(SSL *s)
int ssl2_generate_key_material(SSL *s)
{
unsigned int i;
MD5_CTX ctx;
@ -428,14 +428,24 @@ void ssl2_generate_key_material(SSL *s)
#endif
km=s->s2->key_material;
die(s->s2->key_material_length <= sizeof s->s2->key_material);
if (s->session->master_key_length < 0 || s->session->master_key_length > sizeof s->session->master_key)
{
SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, SSL_R_INTERNAL_ERROR);
return 0;
}
for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH)
{
if (((km - s->s2->key_material) + MD5_DIGEST_LENGTH) > sizeof s->s2->key_material)
{
/* MD5_Final() below would write beyond buffer */
SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, SSL_R_INTERNAL_ERROR);
return 0;
}
MD5_Init(&ctx);
die(s->session->master_key_length >= 0
&& s->session->master_key_length
< sizeof s->session->master_key);
MD5_Update(&ctx,s->session->master_key,s->session->master_key_length);
MD5_Update(&ctx,&c,1);
c++;
@ -444,6 +454,8 @@ void ssl2_generate_key_material(SSL *s)
MD5_Final(km,&ctx);
km+=MD5_DIGEST_LENGTH;
}
return 1;
}
void ssl2_return_error(SSL *s, int err)
@ -468,18 +480,20 @@ void ssl2_write_error(SSL *s)
buf[2]=(s->error_code)&0xff;
/* state=s->rwstate;*/
error=s->error;
error=s->error; /* number of bytes left to write */
s->error=0;
die(error >= 0 && error <= 3);
if (error < 0 || error > sizeof buf) /* can't happen */
return;
i=ssl2_write(s,&(buf[3-error]),error);
/* if (i == error) s->rwstate=state; */
if (i < 0)
s->error=error;
else if (i != s->error)
s->error=error-i;
/* else
s->error=0; */
}
int ssl2_shutdown(SSL *s)

58
ssl/s2_srvr.c
View File

@ -399,8 +399,7 @@ static int get_client_master_key(SSL *s)
SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_READ_WRONG_PACKET_TYPE);
}
else
SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
SSL_R_PEER_ERROR);
SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_PEER_ERROR);
return(-1);
}
@ -408,8 +407,7 @@ static int get_client_master_key(SSL *s)
if (cp == NULL)
{
ssl2_return_error(s,SSL2_PE_NO_CIPHER);
SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
SSL_R_NO_CIPHER_MATCH);
SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_NO_CIPHER_MATCH);
return(-1);
}
s->session->cipher= cp;
@ -420,8 +418,8 @@ static int get_client_master_key(SSL *s)
n2s(p,i); s->session->key_arg_length=i;
if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH)
{
SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
SSL_R_KEY_ARG_TOO_LONG);
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_KEY_ARG_TOO_LONG);
return -1;
}
s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B;
@ -429,11 +427,17 @@ static int get_client_master_key(SSL *s)
/* SSL2_ST_GET_CLIENT_MASTER_KEY_B */
p=(unsigned char *)s->init_buf->data;
die(s->init_buf->length >= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER);
if (s->init_buf->length < SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
{
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_INTERNAL_ERROR);
return -1;
}
keya=s->session->key_arg_length;
len = 10 + (unsigned long)s->s2->tmp.clear + (unsigned long)s->s2->tmp.enc + (unsigned long)keya;
if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
{
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_MESSAGE_TOO_LONG);
return -1;
}
@ -510,7 +514,13 @@ static int get_client_master_key(SSL *s)
#endif
if (is_export) i+=s->s2->tmp.clear;
die(i <= SSL_MAX_MASTER_KEY_LENGTH);
if (i > SSL_MAX_MASTER_KEY_LENGTH)
{
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_INTERNAL_ERROR);
return -1;
}
s->session->master_key_length=i;
memcpy(s->session->master_key,p,(unsigned int)i);
return(1);
@ -560,6 +570,7 @@ static int get_client_hello(SSL *s)
if ( (i < SSL2_MIN_CHALLENGE_LENGTH) ||
(i > SSL2_MAX_CHALLENGE_LENGTH))
{
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_INVALID_CHALLENGE_LENGTH);
return(-1);
}
@ -571,6 +582,7 @@ static int get_client_hello(SSL *s)
len = 9 + (unsigned long)s->s2->tmp.cipher_spec_length + (unsigned long)s->s2->challenge_length + (unsigned long)s->s2->tmp.session_id_length;
if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
{
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_MESSAGE_TOO_LONG);
return -1;
}
@ -658,7 +670,12 @@ static int get_client_hello(SSL *s)
p+=s->s2->tmp.session_id_length;
/* challenge */
die(s->s2->challenge_length <= sizeof s->s2->challenge);
if (s->s2->challenge_length > sizeof s->s2->challenge)
{
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_GET_CLIENT_HELLO, SSL_R_INTERNAL_ERROR);
return -1;
}
memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length);
return(1);
mem_err:
@ -810,7 +827,12 @@ static int get_client_finished(SSL *s)
}
/* SSL2_ST_GET_CLIENT_FINISHED_B */
die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
if (s->s2->conn_id_length > sizeof s->s2->conn_id)
{
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_GET_CLIENT_FINISHED, SSL_R_INTERNAL_ERROR);
return -1;
}
len = 1 + (unsigned long)s->s2->conn_id_length;
n = (int)len - s->init_num;
i = ssl2_read(s,(char *)&(p[s->init_num]),n);
@ -836,7 +858,11 @@ static int server_verify(SSL *s)
{
p=(unsigned char *)s->init_buf->data;
*(p++)=SSL2_MT_SERVER_VERIFY;
die(s->s2->challenge_length <= sizeof s->s2->challenge);
if (s->s2->challenge_length > sizeof s->s2->challenge)
{
SSLerr(SSL_F_SERVER_VERIFY, SSL_R_INTERNAL_ERROR);
return -1;
}
memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length);
/* p+=s->s2->challenge_length; */
@ -856,10 +882,12 @@ static int server_finish(SSL *s)
p=(unsigned char *)s->init_buf->data;
*(p++)=SSL2_MT_SERVER_FINISHED;
die(s->session->session_id_length
<= sizeof s->session->session_id);
memcpy(p,s->session->session_id,
(unsigned int)s->session->session_id_length);
if (s->session->session_id_length > sizeof s->session->session_id)
{
SSLerr(SSL_F_SERVER_FINISH, SSL_R_INTERNAL_ERROR);
return -1;
}
memcpy(p,s->session->session_id, (unsigned int)s->session->session_id_length);
/* p+=s->session->session_id_length; */
s->state=SSL2_ST_SEND_SERVER_FINISHED_B;

6
ssl/s3_clnt.c
View File

@ -546,7 +546,11 @@ static int ssl3_client_hello(SSL *s)
*(p++)=i;
if (i != 0)
{
die(i <= sizeof s->session->session_id);
if (i > sizeof s->session->session_id)
{
SSLerr(SSL_F_SSL3_CLIENT_HELLO, SSL_R_INTERNAL_ERROR);
goto err;
}
memcpy(p,s->session->session_id,i);
p+=i;
}

6
ssl/s3_srvr.c
View File

@ -949,7 +949,11 @@ static int ssl3_send_server_hello(SSL *s)
s->session->session_id_length=0;
sl=s->session->session_id_length;
die(sl <= sizeof s->session->session_id);
if (sl > sizeof s->session->session_id)
{
SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, SSL_R_INTERNAL_ERROR);
return -1;
}
*(p++)=sl;
memcpy(p,s->session->session_id,sl);
p+=sl;

7
ssl/ssl.h
View File

@ -1285,6 +1285,7 @@ void ERR_load_SSL_strings(void);
/* Function codes. */
#define SSL_F_CLIENT_CERTIFICATE 100
#define SSL_F_CLIENT_FINISHED 238
#define SSL_F_CLIENT_HELLO 101
#define SSL_F_CLIENT_MASTER_KEY 102
#define SSL_F_D2I_SSL_SESSION 103
@ -1298,7 +1299,9 @@ void ERR_load_SSL_strings(void);
#define SSL_F_I2D_SSL_SESSION 111
#define SSL_F_READ_N 112
#define SSL_F_REQUEST_CERTIFICATE 113
#define SSL_F_SERVER_FINISH 239
#define SSL_F_SERVER_HELLO 114
#define SSL_F_SERVER_VERIFY 240
#define SSL_F_SSL23_ACCEPT 115
#define SSL_F_SSL23_CLIENT_HELLO 116
#define SSL_F_SSL23_CONNECT 117
@ -1310,6 +1313,7 @@ void ERR_load_SSL_strings(void);
#define SSL_F_SSL2_ACCEPT 122
#define SSL_F_SSL2_CONNECT 123
#define SSL_F_SSL2_ENC_INIT 124
#define SSL_F_SSL2_GENERATE_KEY_MATERIAL 241
#define SSL_F_SSL2_PEEK 234
#define SSL_F_SSL2_READ 125
#define SSL_F_SSL2_READ_INTERNAL 236
@ -1345,6 +1349,7 @@ void ERR_load_SSL_strings(void);
#define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE 152
#define SSL_F_SSL3_SEND_CLIENT_VERIFY 153
#define SSL_F_SSL3_SEND_SERVER_CERTIFICATE 154
#define SSL_F_SSL3_SEND_SERVER_HELLO 242
#define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE 155
#define SSL_F_SSL3_SETUP_BUFFERS 156
#define SSL_F_SSL3_SETUP_KEY_BLOCK 157
@ -1559,6 +1564,7 @@ void ERR_load_SSL_strings(void);
#define SSL_R_SHORT_READ 219
#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220
#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221
#define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 1114
#define SSL_R_SSL3_SESSION_ID_TOO_LONG 1113
#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222
#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
@ -1639,4 +1645,3 @@ void ERR_load_SSL_strings(void);
}
#endif
#endif

3
ssl/ssl_asn1.c
View File

@ -274,9 +274,10 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp,
if (os.length > i)
os.length = i;
if (os.length > sizeof ret->session_id) /* can't happen */
os.length = sizeof ret->session_id;
ret->session_id_length=os.length;
die(os.length <= sizeof ret->session_id);
memcpy(ret->session_id,os.data,os.length);
M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);

6
ssl/ssl_err.c
View File

@ -67,6 +67,7 @@
static ERR_STRING_DATA SSL_str_functs[]=
{
{ERR_PACK(0,SSL_F_CLIENT_CERTIFICATE,0), "CLIENT_CERTIFICATE"},
{ERR_PACK(0,SSL_F_CLIENT_FINISHED,0), "CLIENT_FINISHED"},
{ERR_PACK(0,SSL_F_CLIENT_HELLO,0), "CLIENT_HELLO"},
{ERR_PACK(0,SSL_F_CLIENT_MASTER_KEY,0), "CLIENT_MASTER_KEY"},
{ERR_PACK(0,SSL_F_D2I_SSL_SESSION,0), "d2i_SSL_SESSION"},
@ -80,7 +81,9 @@ static ERR_STRING_DATA SSL_str_functs[]=
{ERR_PACK(0,SSL_F_I2D_SSL_SESSION,0), "i2d_SSL_SESSION"},
{ERR_PACK(0,SSL_F_READ_N,0), "READ_N"},
{ERR_PACK(0,SSL_F_REQUEST_CERTIFICATE,0), "REQUEST_CERTIFICATE"},
{ERR_PACK(0,SSL_F_SERVER_FINISH,0), "SERVER_FINISH"},
{ERR_PACK(0,SSL_F_SERVER_HELLO,0), "SERVER_HELLO"},
{ERR_PACK(0,SSL_F_SERVER_VERIFY,0), "SERVER_VERIFY"},
{ERR_PACK(0,SSL_F_SSL23_ACCEPT,0), "SSL23_ACCEPT"},
{ERR_PACK(0,SSL_F_SSL23_CLIENT_HELLO,0), "SSL23_CLIENT_HELLO"},
{ERR_PACK(0,SSL_F_SSL23_CONNECT,0), "SSL23_CONNECT"},
@ -92,6 +95,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
{ERR_PACK(0,SSL_F_SSL2_ACCEPT,0), "SSL2_ACCEPT"},
{ERR_PACK(0,SSL_F_SSL2_CONNECT,0), "SSL2_CONNECT"},
{ERR_PACK(0,SSL_F_SSL2_ENC_INIT,0), "SSL2_ENC_INIT"},
{ERR_PACK(0,SSL_F_SSL2_GENERATE_KEY_MATERIAL,0), "SSL2_GENERATE_KEY_MATERIAL"},
{ERR_PACK(0,SSL_F_SSL2_PEEK,0), "SSL2_PEEK"},
{ERR_PACK(0,SSL_F_SSL2_READ,0), "SSL2_READ"},
{ERR_PACK(0,SSL_F_SSL2_READ_INTERNAL,0), "SSL2_READ_INTERNAL"},
@ -127,6 +131,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
{ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,0), "SSL3_SEND_CLIENT_KEY_EXCHANGE"},
{ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_VERIFY,0), "SSL3_SEND_CLIENT_VERIFY"},
{ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_CERTIFICATE,0), "SSL3_SEND_SERVER_CERTIFICATE"},
{ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_HELLO,0), "SSL3_SEND_SERVER_HELLO"},
{ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,0), "SSL3_SEND_SERVER_KEY_EXCHANGE"},
{ERR_PACK(0,SSL_F_SSL3_SETUP_BUFFERS,0), "SSL3_SETUP_BUFFERS"},
{ERR_PACK(0,SSL_F_SSL3_SETUP_KEY_BLOCK,0), "SSL3_SETUP_KEY_BLOCK"},
@ -344,6 +349,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
{SSL_R_SHORT_READ ,"short read"},
{SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"},
{SSL_R_SSL23_DOING_SESSION_ID_REUSE ,"ssl23 doing session id reuse"},
{SSL_R_SSL2_CONNECTION_ID_TOO_LONG ,"ssl2 connection id too long"},
{SSL_R_SSL3_SESSION_ID_TOO_LONG ,"ssl3 session id too long"},
{SSL_R_SSL3_SESSION_ID_TOO_SHORT ,"ssl3 session id too short"},
{SSL_R_SSLV3_ALERT_BAD_CERTIFICATE ,"sslv3 alert bad certificate"},

2
ssl/ssl_locl.h
View File

@ -500,7 +500,7 @@ STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
int ssl_verify_alarm_type(long type);
int ssl2_enc_init(SSL *s, int client);
void ssl2_generate_key_material(SSL *s);
int ssl2_generate_key_material(SSL *s);
void ssl2_enc(SSL *s,int send_data);
void ssl2_mac(SSL *s,unsigned char *mac,int send_data);
SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p);

7
ssl/ssl_sess.c
View File

@ -200,7 +200,12 @@ int ssl_get_new_session(SSL *s, int session)
ss->session_id_length=0;
}
die(s->sid_ctx_length <= sizeof ss->sid_ctx);
if (s->sid_ctx_length > sizeof ss->sid_ctx)
{
SSLerr(SSL_F_SSL_GET_NEW_SESSION, SSL_R_INTERNAL_ERROR);
SSL_SESSION_free(ss);
return 0;
}
memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length);
ss->sid_ctx_length=s->sid_ctx_length;
s->session=ss;

2
util/mkerr.pl
View File

@ -320,7 +320,7 @@ EOF
print OUT <<"EOF";
/* $cfile */
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
* Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions