get rid of OpenSSLDie
This commit is contained in:
Bodo Möller
parent
042e57d562
commit
5574e0ed41
7
CHANGES
7
CHANGES
@ -1764,6 +1764,13 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
|
|||||||
*) Clean old EAY MD5 hack from e_os.h.
|
*) Clean old EAY MD5 hack from e_os.h.
|
||||||
[Richard Levitte]
|
[Richard Levitte]
|
||||||
|
|
||||||
|
Changes between 0.9.6e and 0.9.6f [XX xxx XXXX]
|
||||||
|
|
||||||
|
*) Use proper error handling instead of 'assertions' in buffer
|
||||||
|
overflow checks added in 0.9.6e. This prevents DoS (the
|
||||||
|
assertions could call abort()).
|
||||||
|
[Arne Ansper <arne@ats.cyber.ee>, Bodo Moeller]
|
||||||
|
|
||||||
Changes between 0.9.6d and 0.9.6e [30 Jul 2002]
|
Changes between 0.9.6d and 0.9.6e [30 Jul 2002]
|
||||||
|
|
||||||
*) Add various sanity checks to asn1_get_length() to reject
|
*) Add various sanity checks to asn1_get_length() to reject
|
||||||
|
|||||||
@ -494,11 +494,3 @@ BOOL WINAPI DLLEntryPoint(HINSTANCE hinstDLL, DWORD fdwReason,
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
void OpenSSLDie(const char *file,int line,const char *assertion)
|
|
||||||
{
|
|
||||||
fprintf(stderr,"%s(%d): OpenSSL internal error, assertion failed: %s\n",
|
|
||||||
file,line,assertion);
|
|
||||||
abort();
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|||||||
@ -93,10 +93,6 @@ extern "C" {
|
|||||||
#define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1)
|
#define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1)
|
||||||
#define HEX_SIZE(type) ((sizeof(type)*2)
|
#define HEX_SIZE(type) ((sizeof(type)*2)
|
||||||
|
|
||||||
/* die if we have to */
|
|
||||||
void OpenSSLDie(const char *file,int line,const char *assertion);
|
|
||||||
#define die(e) ((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e))
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|||||||
@ -536,7 +536,12 @@ static int get_server_hello(SSL *s)
|
|||||||
}
|
}
|
||||||
|
|
||||||
s->s2->conn_id_length=s->s2->tmp.conn_id_length;
|
s->s2->conn_id_length=s->s2->tmp.conn_id_length;
|
||||||
die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
|
if (s->s2->conn_id_length > sizeof s->s2->conn_id)
|
||||||
|
{
|
||||||
|
ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
|
||||||
|
SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_SSL2_CONNECTION_ID_TOO_LONG);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length);
|
memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length);
|
||||||
return(1);
|
return(1);
|
||||||
}
|
}
|
||||||
@ -638,7 +643,12 @@ static int client_master_key(SSL *s)
|
|||||||
/* make key_arg data */
|
/* make key_arg data */
|
||||||
i=EVP_CIPHER_iv_length(c);
|
i=EVP_CIPHER_iv_length(c);
|
||||||
sess->key_arg_length=i;
|
sess->key_arg_length=i;
|
||||||
die(i <= SSL_MAX_KEY_ARG_LENGTH);
|
if (i > SSL_MAX_KEY_ARG_LENGTH)
|
||||||
|
{
|
||||||
|
ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
|
||||||
|
SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
if (i > 0) RAND_pseudo_bytes(sess->key_arg,i);
|
if (i > 0) RAND_pseudo_bytes(sess->key_arg,i);
|
||||||
|
|
||||||
/* make a master key */
|
/* make a master key */
|
||||||
@ -646,7 +656,12 @@ static int client_master_key(SSL *s)
|
|||||||
sess->master_key_length=i;
|
sess->master_key_length=i;
|
||||||
if (i > 0)
|
if (i > 0)
|
||||||
{
|
{
|
||||||
die(i <= sizeof sess->master_key);
|
if (i > sizeof sess->master_key)
|
||||||
|
{
|
||||||
|
ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
|
||||||
|
SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
if (RAND_bytes(sess->master_key,i) <= 0)
|
if (RAND_bytes(sess->master_key,i) <= 0)
|
||||||
{
|
{
|
||||||
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
|
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
|
||||||
@ -690,7 +705,12 @@ static int client_master_key(SSL *s)
|
|||||||
d+=enc;
|
d+=enc;
|
||||||
karg=sess->key_arg_length;
|
karg=sess->key_arg_length;
|
||||||
s2n(karg,p); /* key arg size */
|
s2n(karg,p); /* key arg size */
|
||||||
die(karg <= sizeof sess->key_arg);
|
if (karg > sizeof sess->key_arg)
|
||||||
|
{
|
||||||
|
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
|
||||||
|
SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
memcpy(d,sess->key_arg,(unsigned int)karg);
|
memcpy(d,sess->key_arg,(unsigned int)karg);
|
||||||
d+=karg;
|
d+=karg;
|
||||||
|
|
||||||
@ -711,7 +731,11 @@ static int client_finished(SSL *s)
|
|||||||
{
|
{
|
||||||
p=(unsigned char *)s->init_buf->data;
|
p=(unsigned char *)s->init_buf->data;
|
||||||
*(p++)=SSL2_MT_CLIENT_FINISHED;
|
*(p++)=SSL2_MT_CLIENT_FINISHED;
|
||||||
die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
|
if (s->s2->conn_id_length > sizeof s->s2->conn_id)
|
||||||
|
{
|
||||||
|
SSLerr(SSL_F_CLIENT_FINISHED, ERR_R_INTERNAL_ERROR);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length);
|
memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length);
|
||||||
|
|
||||||
s->state=SSL2_ST_SEND_CLIENT_FINISHED_B;
|
s->state=SSL2_ST_SEND_CLIENT_FINISHED_B;
|
||||||
@ -984,10 +1008,9 @@ static int get_server_finished(SSL *s)
|
|||||||
{
|
{
|
||||||
if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))
|
if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))
|
||||||
{
|
{
|
||||||
die(s->session->session_id_length
|
if ((s->session->session_id_length > sizeof s->session->session_id)
|
||||||
<= sizeof s->session->session_id);
|
|| (0 != memcmp(buf, s->session->session_id,
|
||||||
if (memcmp(buf,s->session->session_id,
|
(unsigned int)s->session->session_id_length)))
|
||||||
(unsigned int)s->session->session_id_length) != 0)
|
|
||||||
{
|
{
|
||||||
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
|
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
|
||||||
SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_SSL_SESSION_ID_IS_DIFFERENT);
|
SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_SSL_SESSION_ID_IS_DIFFERENT);
|
||||||
|
|||||||
@ -96,7 +96,8 @@ int ssl2_enc_init(SSL *s, int client)
|
|||||||
num=c->key_len;
|
num=c->key_len;
|
||||||
s->s2->key_material_length=num*2;
|
s->s2->key_material_length=num*2;
|
||||||
|
|
||||||
ssl2_generate_key_material(s);
|
if (ssl2_generate_key_material(s) <= 0)
|
||||||
|
return 0;
|
||||||
|
|
||||||
EVP_EncryptInit_ex(ws,c,NULL,&(s->s2->key_material[(client)?num:0]),
|
EVP_EncryptInit_ex(ws,c,NULL,&(s->s2->key_material[(client)?num:0]),
|
||||||
s->session->key_arg);
|
s->session->key_arg);
|
||||||
|
|||||||
41
ssl/s2_lib.c
41
ssl/s2_lib.c
@ -416,12 +416,15 @@ int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
|
|||||||
return(3);
|
return(3);
|
||||||
}
|
}
|
||||||
|
|
||||||
void ssl2_generate_key_material(SSL *s)
|
int ssl2_generate_key_material(SSL *s)
|
||||||
{
|
{
|
||||||
unsigned int i;
|
unsigned int i;
|
||||||
EVP_MD_CTX ctx;
|
EVP_MD_CTX ctx;
|
||||||
unsigned char *km;
|
unsigned char *km;
|
||||||
unsigned char c='0';
|
unsigned char c='0';
|
||||||
|
const EVP_MD *md5;
|
||||||
|
|
||||||
|
md5 = EVP_md5();
|
||||||
|
|
||||||
#ifdef CHARSET_EBCDIC
|
#ifdef CHARSET_EBCDIC
|
||||||
c = os_toascii['0']; /* Must be an ASCII '0', not EBCDIC '0',
|
c = os_toascii['0']; /* Must be an ASCII '0', not EBCDIC '0',
|
||||||
@ -429,23 +432,35 @@ void ssl2_generate_key_material(SSL *s)
|
|||||||
#endif
|
#endif
|
||||||
EVP_MD_CTX_init(&ctx);
|
EVP_MD_CTX_init(&ctx);
|
||||||
km=s->s2->key_material;
|
km=s->s2->key_material;
|
||||||
die(s->s2->key_material_length <= sizeof s->s2->key_material);
|
|
||||||
for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH)
|
|
||||||
{
|
|
||||||
EVP_DigestInit_ex(&ctx,EVP_md5(), NULL);
|
|
||||||
|
|
||||||
die(s->session->master_key_length >= 0
|
if (s->session->master_key_length < 0 || s->session->master_key_length > sizeof s->session->master_key)
|
||||||
&& s->session->master_key_length
|
{
|
||||||
< sizeof s->session->master_key);
|
SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
for (i=0; i<s->s2->key_material_length; i += EVP_MD_block_size(md5))
|
||||||
|
{
|
||||||
|
if (((km - s->s2->key_material) + EVP_MD_block_size(md5)) > sizeof s->s2->key_material)
|
||||||
|
{
|
||||||
|
/* EVP_DigestFinal_ex() below would write beyond buffer */
|
||||||
|
SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
EVP_DigestInit_ex(&ctx, md5, NULL);
|
||||||
|
|
||||||
EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length);
|
EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length);
|
||||||
EVP_DigestUpdate(&ctx,&c,1);
|
EVP_DigestUpdate(&ctx,&c,1);
|
||||||
c++;
|
c++;
|
||||||
EVP_DigestUpdate(&ctx,s->s2->challenge,s->s2->challenge_length);
|
EVP_DigestUpdate(&ctx,s->s2->challenge,s->s2->challenge_length);
|
||||||
EVP_DigestUpdate(&ctx,s->s2->conn_id,s->s2->conn_id_length);
|
EVP_DigestUpdate(&ctx,s->s2->conn_id,s->s2->conn_id_length);
|
||||||
EVP_DigestFinal_ex(&ctx,km,NULL);
|
EVP_DigestFinal_ex(&ctx,km,NULL);
|
||||||
km+=MD5_DIGEST_LENGTH;
|
km += EVP_MD_block_size(md5);
|
||||||
}
|
}
|
||||||
|
|
||||||
EVP_MD_CTX_cleanup(&ctx);
|
EVP_MD_CTX_cleanup(&ctx);
|
||||||
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
void ssl2_return_error(SSL *s, int err)
|
void ssl2_return_error(SSL *s, int err)
|
||||||
@ -470,10 +485,14 @@ void ssl2_write_error(SSL *s)
|
|||||||
buf[2]=(s->error_code)&0xff;
|
buf[2]=(s->error_code)&0xff;
|
||||||
|
|
||||||
/* state=s->rwstate;*/
|
/* state=s->rwstate;*/
|
||||||
error=s->error;
|
|
||||||
|
error=s->error; /* number of bytes left to write */
|
||||||
s->error=0;
|
s->error=0;
|
||||||
die(error >= 0 && error <= 3);
|
if (error < 0 || error > sizeof buf) /* can't happen */
|
||||||
|
return;
|
||||||
|
|
||||||
i=ssl2_write(s,&(buf[3-error]),error);
|
i=ssl2_write(s,&(buf[3-error]),error);
|
||||||
|
|
||||||
/* if (i == error) s->rwstate=state; */
|
/* if (i == error) s->rwstate=state; */
|
||||||
|
|
||||||
if (i < 0)
|
if (i < 0)
|
||||||
|
|||||||
@ -399,8 +399,7 @@ static int get_client_master_key(SSL *s)
|
|||||||
SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_READ_WRONG_PACKET_TYPE);
|
SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_READ_WRONG_PACKET_TYPE);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
|
SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_PEER_ERROR);
|
||||||
SSL_R_PEER_ERROR);
|
|
||||||
return(-1);
|
return(-1);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -408,8 +407,7 @@ static int get_client_master_key(SSL *s)
|
|||||||
if (cp == NULL)
|
if (cp == NULL)
|
||||||
{
|
{
|
||||||
ssl2_return_error(s,SSL2_PE_NO_CIPHER);
|
ssl2_return_error(s,SSL2_PE_NO_CIPHER);
|
||||||
SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
|
SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_NO_CIPHER_MATCH);
|
||||||
SSL_R_NO_CIPHER_MATCH);
|
|
||||||
return(-1);
|
return(-1);
|
||||||
}
|
}
|
||||||
s->session->cipher= cp;
|
s->session->cipher= cp;
|
||||||
@ -420,8 +418,8 @@ static int get_client_master_key(SSL *s)
|
|||||||
n2s(p,i); s->session->key_arg_length=i;
|
n2s(p,i); s->session->key_arg_length=i;
|
||||||
if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH)
|
if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH)
|
||||||
{
|
{
|
||||||
SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
|
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
|
||||||
SSL_R_KEY_ARG_TOO_LONG);
|
SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_KEY_ARG_TOO_LONG);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B;
|
s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B;
|
||||||
@ -429,11 +427,17 @@ static int get_client_master_key(SSL *s)
|
|||||||
|
|
||||||
/* SSL2_ST_GET_CLIENT_MASTER_KEY_B */
|
/* SSL2_ST_GET_CLIENT_MASTER_KEY_B */
|
||||||
p=(unsigned char *)s->init_buf->data;
|
p=(unsigned char *)s->init_buf->data;
|
||||||
die(s->init_buf->length >= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER);
|
if (s->init_buf->length < SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
|
||||||
|
{
|
||||||
|
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
|
||||||
|
SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
keya=s->session->key_arg_length;
|
keya=s->session->key_arg_length;
|
||||||
len = 10 + (unsigned long)s->s2->tmp.clear + (unsigned long)s->s2->tmp.enc + (unsigned long)keya;
|
len = 10 + (unsigned long)s->s2->tmp.clear + (unsigned long)s->s2->tmp.enc + (unsigned long)keya;
|
||||||
if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
|
if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
|
||||||
{
|
{
|
||||||
|
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
|
||||||
SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_MESSAGE_TOO_LONG);
|
SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_MESSAGE_TOO_LONG);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
@ -512,7 +516,13 @@ static int get_client_master_key(SSL *s)
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
if (is_export) i+=s->s2->tmp.clear;
|
if (is_export) i+=s->s2->tmp.clear;
|
||||||
die(i <= SSL_MAX_MASTER_KEY_LENGTH);
|
|
||||||
|
if (i > SSL_MAX_MASTER_KEY_LENGTH)
|
||||||
|
{
|
||||||
|
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
|
||||||
|
SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
s->session->master_key_length=i;
|
s->session->master_key_length=i;
|
||||||
memcpy(s->session->master_key,p,(unsigned int)i);
|
memcpy(s->session->master_key,p,(unsigned int)i);
|
||||||
return(1);
|
return(1);
|
||||||
@ -563,6 +573,7 @@ static int get_client_hello(SSL *s)
|
|||||||
if ( (i < SSL2_MIN_CHALLENGE_LENGTH) ||
|
if ( (i < SSL2_MIN_CHALLENGE_LENGTH) ||
|
||||||
(i > SSL2_MAX_CHALLENGE_LENGTH))
|
(i > SSL2_MAX_CHALLENGE_LENGTH))
|
||||||
{
|
{
|
||||||
|
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
|
||||||
SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_INVALID_CHALLENGE_LENGTH);
|
SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_INVALID_CHALLENGE_LENGTH);
|
||||||
return(-1);
|
return(-1);
|
||||||
}
|
}
|
||||||
@ -574,6 +585,7 @@ static int get_client_hello(SSL *s)
|
|||||||
len = 9 + (unsigned long)s->s2->tmp.cipher_spec_length + (unsigned long)s->s2->challenge_length + (unsigned long)s->s2->tmp.session_id_length;
|
len = 9 + (unsigned long)s->s2->tmp.cipher_spec_length + (unsigned long)s->s2->challenge_length + (unsigned long)s->s2->tmp.session_id_length;
|
||||||
if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
|
if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
|
||||||
{
|
{
|
||||||
|
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
|
||||||
SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_MESSAGE_TOO_LONG);
|
SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_MESSAGE_TOO_LONG);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
@ -679,7 +691,12 @@ static int get_client_hello(SSL *s)
|
|||||||
p+=s->s2->tmp.session_id_length;
|
p+=s->s2->tmp.session_id_length;
|
||||||
|
|
||||||
/* challenge */
|
/* challenge */
|
||||||
die(s->s2->challenge_length <= sizeof s->s2->challenge);
|
if (s->s2->challenge_length > sizeof s->s2->challenge)
|
||||||
|
{
|
||||||
|
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
|
||||||
|
SSLerr(SSL_F_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length);
|
memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length);
|
||||||
return(1);
|
return(1);
|
||||||
mem_err:
|
mem_err:
|
||||||
@ -836,7 +853,12 @@ static int get_client_finished(SSL *s)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* SSL2_ST_GET_CLIENT_FINISHED_B */
|
/* SSL2_ST_GET_CLIENT_FINISHED_B */
|
||||||
die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
|
if (s->s2->conn_id_length > sizeof s->s2->conn_id)
|
||||||
|
{
|
||||||
|
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
|
||||||
|
SSLerr(SSL_F_GET_CLIENT_FINISHED, ERR_R_INTERNAL_ERROR);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
len = 1 + (unsigned long)s->s2->conn_id_length;
|
len = 1 + (unsigned long)s->s2->conn_id_length;
|
||||||
n = (int)len - s->init_num;
|
n = (int)len - s->init_num;
|
||||||
i = ssl2_read(s,(char *)&(p[s->init_num]),n);
|
i = ssl2_read(s,(char *)&(p[s->init_num]),n);
|
||||||
@ -864,7 +886,11 @@ static int server_verify(SSL *s)
|
|||||||
{
|
{
|
||||||
p=(unsigned char *)s->init_buf->data;
|
p=(unsigned char *)s->init_buf->data;
|
||||||
*(p++)=SSL2_MT_SERVER_VERIFY;
|
*(p++)=SSL2_MT_SERVER_VERIFY;
|
||||||
die(s->s2->challenge_length <= sizeof s->s2->challenge);
|
if (s->s2->challenge_length > sizeof s->s2->challenge)
|
||||||
|
{
|
||||||
|
SSLerr(SSL_F_SERVER_VERIFY, ERR_R_INTERNAL_ERROR);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length);
|
memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length);
|
||||||
/* p+=s->s2->challenge_length; */
|
/* p+=s->s2->challenge_length; */
|
||||||
|
|
||||||
@ -884,10 +910,12 @@ static int server_finish(SSL *s)
|
|||||||
p=(unsigned char *)s->init_buf->data;
|
p=(unsigned char *)s->init_buf->data;
|
||||||
*(p++)=SSL2_MT_SERVER_FINISHED;
|
*(p++)=SSL2_MT_SERVER_FINISHED;
|
||||||
|
|
||||||
die(s->session->session_id_length
|
if (s->session->session_id_length > sizeof s->session->session_id)
|
||||||
<= sizeof s->session->session_id);
|
{
|
||||||
memcpy(p,s->session->session_id,
|
SSLerr(SSL_F_SERVER_FINISH, ERR_R_INTERNAL_ERROR);
|
||||||
(unsigned int)s->session->session_id_length);
|
return -1;
|
||||||
|
}
|
||||||
|
memcpy(p,s->session->session_id, (unsigned int)s->session->session_id_length);
|
||||||
/* p+=s->session->session_id_length; */
|
/* p+=s->session->session_id_length; */
|
||||||
|
|
||||||
s->state=SSL2_ST_SEND_SERVER_FINISHED_B;
|
s->state=SSL2_ST_SEND_SERVER_FINISHED_B;
|
||||||
|
|||||||
@ -546,7 +546,11 @@ static int ssl3_client_hello(SSL *s)
|
|||||||
*(p++)=i;
|
*(p++)=i;
|
||||||
if (i != 0)
|
if (i != 0)
|
||||||
{
|
{
|
||||||
die(i <= sizeof s->session->session_id);
|
if (i > sizeof s->session->session_id)
|
||||||
|
{
|
||||||
|
SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
memcpy(p,s->session->session_id,i);
|
memcpy(p,s->session->session_id,i);
|
||||||
p+=i;
|
p+=i;
|
||||||
}
|
}
|
||||||
@ -1598,7 +1602,11 @@ static int ssl3_send_client_key_exchange(SSL *s)
|
|||||||
SSL_MAX_MASTER_KEY_LENGTH);
|
SSL_MAX_MASTER_KEY_LENGTH);
|
||||||
EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl);
|
EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl);
|
||||||
outl += padl;
|
outl += padl;
|
||||||
die(outl <= sizeof epms);
|
if (outl > sizeof epms)
|
||||||
|
{
|
||||||
|
SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
EVP_CIPHER_CTX_cleanup(&ciph_ctx);
|
EVP_CIPHER_CTX_cleanup(&ciph_ctx);
|
||||||
|
|
||||||
/* KerberosWrapper.EncryptedPreMasterSecret */
|
/* KerberosWrapper.EncryptedPreMasterSecret */
|
||||||
|
|||||||
@ -965,7 +965,11 @@ static int ssl3_send_server_hello(SSL *s)
|
|||||||
s->session->session_id_length=0;
|
s->session->session_id_length=0;
|
||||||
|
|
||||||
sl=s->session->session_id_length;
|
sl=s->session->session_id_length;
|
||||||
die(sl <= sizeof s->session->session_id);
|
if (sl > sizeof s->session->session_id)
|
||||||
|
{
|
||||||
|
SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
*(p++)=sl;
|
*(p++)=sl;
|
||||||
memcpy(p,s->session->session_id,sl);
|
memcpy(p,s->session->session_id,sl);
|
||||||
p+=sl;
|
p+=sl;
|
||||||
|
|||||||
@ -1462,6 +1462,7 @@ void ERR_load_SSL_strings(void);
|
|||||||
|
|
||||||
/* Function codes. */
|
/* Function codes. */
|
||||||
#define SSL_F_CLIENT_CERTIFICATE 100
|
#define SSL_F_CLIENT_CERTIFICATE 100
|
||||||
|
#define SSL_F_CLIENT_FINISHED 238
|
||||||
#define SSL_F_CLIENT_HELLO 101
|
#define SSL_F_CLIENT_HELLO 101
|
||||||
#define SSL_F_CLIENT_MASTER_KEY 102
|
#define SSL_F_CLIENT_MASTER_KEY 102
|
||||||
#define SSL_F_D2I_SSL_SESSION 103
|
#define SSL_F_D2I_SSL_SESSION 103
|
||||||
@ -1475,7 +1476,9 @@ void ERR_load_SSL_strings(void);
|
|||||||
#define SSL_F_I2D_SSL_SESSION 111
|
#define SSL_F_I2D_SSL_SESSION 111
|
||||||
#define SSL_F_READ_N 112
|
#define SSL_F_READ_N 112
|
||||||
#define SSL_F_REQUEST_CERTIFICATE 113
|
#define SSL_F_REQUEST_CERTIFICATE 113
|
||||||
|
#define SSL_F_SERVER_FINISH 239
|
||||||
#define SSL_F_SERVER_HELLO 114
|
#define SSL_F_SERVER_HELLO 114
|
||||||
|
#define SSL_F_SERVER_VERIFY 240
|
||||||
#define SSL_F_SSL23_ACCEPT 115
|
#define SSL_F_SSL23_ACCEPT 115
|
||||||
#define SSL_F_SSL23_CLIENT_HELLO 116
|
#define SSL_F_SSL23_CLIENT_HELLO 116
|
||||||
#define SSL_F_SSL23_CONNECT 117
|
#define SSL_F_SSL23_CONNECT 117
|
||||||
@ -1487,6 +1490,7 @@ void ERR_load_SSL_strings(void);
|
|||||||
#define SSL_F_SSL2_ACCEPT 122
|
#define SSL_F_SSL2_ACCEPT 122
|
||||||
#define SSL_F_SSL2_CONNECT 123
|
#define SSL_F_SSL2_CONNECT 123
|
||||||
#define SSL_F_SSL2_ENC_INIT 124
|
#define SSL_F_SSL2_ENC_INIT 124
|
||||||
|
#define SSL_F_SSL2_GENERATE_KEY_MATERIAL 241
|
||||||
#define SSL_F_SSL2_PEEK 234
|
#define SSL_F_SSL2_PEEK 234
|
||||||
#define SSL_F_SSL2_READ 125
|
#define SSL_F_SSL2_READ 125
|
||||||
#define SSL_F_SSL2_READ_INTERNAL 236
|
#define SSL_F_SSL2_READ_INTERNAL 236
|
||||||
@ -1523,6 +1527,7 @@ void ERR_load_SSL_strings(void);
|
|||||||
#define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE 152
|
#define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE 152
|
||||||
#define SSL_F_SSL3_SEND_CLIENT_VERIFY 153
|
#define SSL_F_SSL3_SEND_CLIENT_VERIFY 153
|
||||||
#define SSL_F_SSL3_SEND_SERVER_CERTIFICATE 154
|
#define SSL_F_SSL3_SEND_SERVER_CERTIFICATE 154
|
||||||
|
#define SSL_F_SSL3_SEND_SERVER_HELLO 242
|
||||||
#define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE 155
|
#define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE 155
|
||||||
#define SSL_F_SSL3_SETUP_BUFFERS 156
|
#define SSL_F_SSL3_SETUP_BUFFERS 156
|
||||||
#define SSL_F_SSL3_SETUP_KEY_BLOCK 157
|
#define SSL_F_SSL3_SETUP_KEY_BLOCK 157
|
||||||
@ -1747,6 +1752,7 @@ void ERR_load_SSL_strings(void);
|
|||||||
#define SSL_R_SHORT_READ 219
|
#define SSL_R_SHORT_READ 219
|
||||||
#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220
|
#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220
|
||||||
#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221
|
#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221
|
||||||
|
#define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 1114
|
||||||
#define SSL_R_SSL3_SESSION_ID_TOO_LONG 1113
|
#define SSL_R_SSL3_SESSION_ID_TOO_LONG 1113
|
||||||
#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222
|
#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222
|
||||||
#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
|
#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
|
||||||
|
|||||||
@ -294,10 +294,11 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp,
|
|||||||
i=SSL2_MAX_SSL_SESSION_ID_LENGTH;
|
i=SSL2_MAX_SSL_SESSION_ID_LENGTH;
|
||||||
|
|
||||||
if (os.length > i)
|
if (os.length > i)
|
||||||
os.length=i;
|
os.length = i;
|
||||||
|
if (os.length > sizeof ret->session_id) /* can't happen */
|
||||||
|
os.length = sizeof ret->session_id;
|
||||||
|
|
||||||
ret->session_id_length=os.length;
|
ret->session_id_length=os.length;
|
||||||
die(os.length <= sizeof ret->session_id);
|
|
||||||
memcpy(ret->session_id,os.data,os.length);
|
memcpy(ret->session_id,os.data,os.length);
|
||||||
|
|
||||||
M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
|
M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
|
||||||
|
|||||||
@ -67,6 +67,7 @@
|
|||||||
static ERR_STRING_DATA SSL_str_functs[]=
|
static ERR_STRING_DATA SSL_str_functs[]=
|
||||||
{
|
{
|
||||||
{ERR_PACK(0,SSL_F_CLIENT_CERTIFICATE,0), "CLIENT_CERTIFICATE"},
|
{ERR_PACK(0,SSL_F_CLIENT_CERTIFICATE,0), "CLIENT_CERTIFICATE"},
|
||||||
|
{ERR_PACK(0,SSL_F_CLIENT_FINISHED,0), "CLIENT_FINISHED"},
|
||||||
{ERR_PACK(0,SSL_F_CLIENT_HELLO,0), "CLIENT_HELLO"},
|
{ERR_PACK(0,SSL_F_CLIENT_HELLO,0), "CLIENT_HELLO"},
|
||||||
{ERR_PACK(0,SSL_F_CLIENT_MASTER_KEY,0), "CLIENT_MASTER_KEY"},
|
{ERR_PACK(0,SSL_F_CLIENT_MASTER_KEY,0), "CLIENT_MASTER_KEY"},
|
||||||
{ERR_PACK(0,SSL_F_D2I_SSL_SESSION,0), "d2i_SSL_SESSION"},
|
{ERR_PACK(0,SSL_F_D2I_SSL_SESSION,0), "d2i_SSL_SESSION"},
|
||||||
@ -80,7 +81,9 @@ static ERR_STRING_DATA SSL_str_functs[]=
|
|||||||
{ERR_PACK(0,SSL_F_I2D_SSL_SESSION,0), "i2d_SSL_SESSION"},
|
{ERR_PACK(0,SSL_F_I2D_SSL_SESSION,0), "i2d_SSL_SESSION"},
|
||||||
{ERR_PACK(0,SSL_F_READ_N,0), "READ_N"},
|
{ERR_PACK(0,SSL_F_READ_N,0), "READ_N"},
|
||||||
{ERR_PACK(0,SSL_F_REQUEST_CERTIFICATE,0), "REQUEST_CERTIFICATE"},
|
{ERR_PACK(0,SSL_F_REQUEST_CERTIFICATE,0), "REQUEST_CERTIFICATE"},
|
||||||
|
{ERR_PACK(0,SSL_F_SERVER_FINISH,0), "SERVER_FINISH"},
|
||||||
{ERR_PACK(0,SSL_F_SERVER_HELLO,0), "SERVER_HELLO"},
|
{ERR_PACK(0,SSL_F_SERVER_HELLO,0), "SERVER_HELLO"},
|
||||||
|
{ERR_PACK(0,SSL_F_SERVER_VERIFY,0), "SERVER_VERIFY"},
|
||||||
{ERR_PACK(0,SSL_F_SSL23_ACCEPT,0), "SSL23_ACCEPT"},
|
{ERR_PACK(0,SSL_F_SSL23_ACCEPT,0), "SSL23_ACCEPT"},
|
||||||
{ERR_PACK(0,SSL_F_SSL23_CLIENT_HELLO,0), "SSL23_CLIENT_HELLO"},
|
{ERR_PACK(0,SSL_F_SSL23_CLIENT_HELLO,0), "SSL23_CLIENT_HELLO"},
|
||||||
{ERR_PACK(0,SSL_F_SSL23_CONNECT,0), "SSL23_CONNECT"},
|
{ERR_PACK(0,SSL_F_SSL23_CONNECT,0), "SSL23_CONNECT"},
|
||||||
@ -92,6 +95,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
|
|||||||
{ERR_PACK(0,SSL_F_SSL2_ACCEPT,0), "SSL2_ACCEPT"},
|
{ERR_PACK(0,SSL_F_SSL2_ACCEPT,0), "SSL2_ACCEPT"},
|
||||||
{ERR_PACK(0,SSL_F_SSL2_CONNECT,0), "SSL2_CONNECT"},
|
{ERR_PACK(0,SSL_F_SSL2_CONNECT,0), "SSL2_CONNECT"},
|
||||||
{ERR_PACK(0,SSL_F_SSL2_ENC_INIT,0), "SSL2_ENC_INIT"},
|
{ERR_PACK(0,SSL_F_SSL2_ENC_INIT,0), "SSL2_ENC_INIT"},
|
||||||
|
{ERR_PACK(0,SSL_F_SSL2_GENERATE_KEY_MATERIAL,0), "SSL2_GENERATE_KEY_MATERIAL"},
|
||||||
{ERR_PACK(0,SSL_F_SSL2_PEEK,0), "SSL2_PEEK"},
|
{ERR_PACK(0,SSL_F_SSL2_PEEK,0), "SSL2_PEEK"},
|
||||||
{ERR_PACK(0,SSL_F_SSL2_READ,0), "SSL2_READ"},
|
{ERR_PACK(0,SSL_F_SSL2_READ,0), "SSL2_READ"},
|
||||||
{ERR_PACK(0,SSL_F_SSL2_READ_INTERNAL,0), "SSL2_READ_INTERNAL"},
|
{ERR_PACK(0,SSL_F_SSL2_READ_INTERNAL,0), "SSL2_READ_INTERNAL"},
|
||||||
@ -128,6 +132,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
|
|||||||
{ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,0), "SSL3_SEND_CLIENT_KEY_EXCHANGE"},
|
{ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,0), "SSL3_SEND_CLIENT_KEY_EXCHANGE"},
|
||||||
{ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_VERIFY,0), "SSL3_SEND_CLIENT_VERIFY"},
|
{ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_VERIFY,0), "SSL3_SEND_CLIENT_VERIFY"},
|
||||||
{ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_CERTIFICATE,0), "SSL3_SEND_SERVER_CERTIFICATE"},
|
{ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_CERTIFICATE,0), "SSL3_SEND_SERVER_CERTIFICATE"},
|
||||||
|
{ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_HELLO,0), "SSL3_SEND_SERVER_HELLO"},
|
||||||
{ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,0), "SSL3_SEND_SERVER_KEY_EXCHANGE"},
|
{ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,0), "SSL3_SEND_SERVER_KEY_EXCHANGE"},
|
||||||
{ERR_PACK(0,SSL_F_SSL3_SETUP_BUFFERS,0), "SSL3_SETUP_BUFFERS"},
|
{ERR_PACK(0,SSL_F_SSL3_SETUP_BUFFERS,0), "SSL3_SETUP_BUFFERS"},
|
||||||
{ERR_PACK(0,SSL_F_SSL3_SETUP_KEY_BLOCK,0), "SSL3_SETUP_KEY_BLOCK"},
|
{ERR_PACK(0,SSL_F_SSL3_SETUP_KEY_BLOCK,0), "SSL3_SETUP_KEY_BLOCK"},
|
||||||
@ -355,6 +360,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
|
|||||||
{SSL_R_SHORT_READ ,"short read"},
|
{SSL_R_SHORT_READ ,"short read"},
|
||||||
{SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"},
|
{SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"},
|
||||||
{SSL_R_SSL23_DOING_SESSION_ID_REUSE ,"ssl23 doing session id reuse"},
|
{SSL_R_SSL23_DOING_SESSION_ID_REUSE ,"ssl23 doing session id reuse"},
|
||||||
|
{SSL_R_SSL2_CONNECTION_ID_TOO_LONG ,"ssl2 connection id too long"},
|
||||||
{SSL_R_SSL3_SESSION_ID_TOO_LONG ,"ssl3 session id too long"},
|
{SSL_R_SSL3_SESSION_ID_TOO_LONG ,"ssl3 session id too long"},
|
||||||
{SSL_R_SSL3_SESSION_ID_TOO_SHORT ,"ssl3 session id too short"},
|
{SSL_R_SSL3_SESSION_ID_TOO_SHORT ,"ssl3 session id too short"},
|
||||||
{SSL_R_SSLV3_ALERT_BAD_CERTIFICATE ,"sslv3 alert bad certificate"},
|
{SSL_R_SSLV3_ALERT_BAD_CERTIFICATE ,"sslv3 alert bad certificate"},
|
||||||
|
|||||||
@ -510,7 +510,7 @@ STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
|
|||||||
int ssl_verify_alarm_type(long type);
|
int ssl_verify_alarm_type(long type);
|
||||||
|
|
||||||
int ssl2_enc_init(SSL *s, int client);
|
int ssl2_enc_init(SSL *s, int client);
|
||||||
void ssl2_generate_key_material(SSL *s);
|
int ssl2_generate_key_material(SSL *s);
|
||||||
void ssl2_enc(SSL *s,int send_data);
|
void ssl2_enc(SSL *s,int send_data);
|
||||||
void ssl2_mac(SSL *s,unsigned char *mac,int send_data);
|
void ssl2_mac(SSL *s,unsigned char *mac,int send_data);
|
||||||
SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p);
|
SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p);
|
||||||
|
|||||||
@ -251,7 +251,12 @@ int ssl_get_new_session(SSL *s, int session)
|
|||||||
ss->session_id_length=0;
|
ss->session_id_length=0;
|
||||||
}
|
}
|
||||||
|
|
||||||
die(s->sid_ctx_length <= sizeof ss->sid_ctx);
|
if (s->sid_ctx_length > sizeof ss->sid_ctx)
|
||||||
|
{
|
||||||
|
SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR);
|
||||||
|
SSL_SESSION_free(ss);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length);
|
memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length);
|
||||||
ss->sid_ctx_length=s->sid_ctx_length;
|
ss->sid_ctx_length=s->sid_ctx_length;
|
||||||
s->session=ss;
|
s->session=ss;
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user