OpenSSL Security Advisory [30 July 2002]
Changes marked "(CHATS)" were sponsored by the Defense Advanced Research Projects Agency (DARPA) and Air Force Research Laboratory, Air Force Materiel Command, USAF, under agreement number F30602-01-2-0537. Submitted by: Reviewed by: PR:
This commit is contained in:
		
							
								
								
									
										43
									
								
								CHANGES
									
									
									
									
									
								
							
							
						
						
									
										43
									
								
								CHANGES
									
									
									
									
									
								
							| @@ -1667,7 +1667,13 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k | |||||||
|   *) Clean old EAY MD5 hack from e_os.h. |   *) Clean old EAY MD5 hack from e_os.h. | ||||||
|      [Richard Levitte] |      [Richard Levitte] | ||||||
|  |  | ||||||
|  Changes between 0.9.6d and 0.9.6e  [XX xxx XXXX] |  Changes between 0.9.6d and 0.9.6e  [30 Jul 2002] | ||||||
|  |  | ||||||
|  |   *) Add various sanity checks to asn1_get_length() to reject | ||||||
|  |      the ASN1 length bytes if they exceed sizeof(long), will appear | ||||||
|  |      negative or the content length exceeds the length of the | ||||||
|  |      supplied buffer. | ||||||
|  |      [Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>] | ||||||
|  |  | ||||||
|   *) Fix cipher selection routines: ciphers without encryption had no flags |   *) Fix cipher selection routines: ciphers without encryption had no flags | ||||||
|      for the cipher strength set and where therefore not handled correctly |      for the cipher strength set and where therefore not handled correctly | ||||||
| @@ -1690,6 +1696,41 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k | |||||||
|      applications. |      applications. | ||||||
|      [Bodo Moeller] |      [Bodo Moeller] | ||||||
|  |  | ||||||
|  |   *) Changes in security patch: | ||||||
|  |  | ||||||
|  |      Changes marked "(CHATS)" were sponsored by the Defense Advanced | ||||||
|  |      Research Projects Agency (DARPA) and Air Force Research Laboratory, | ||||||
|  |      Air Force Materiel Command, USAF, under agreement number | ||||||
|  |      F30602-01-2-0537. | ||||||
|  |  | ||||||
|  |   *) Add various sanity checks to asn1_get_length() to reject | ||||||
|  |      the ASN1 length bytes if they exceed sizeof(long), will appear | ||||||
|  |      negative or the content length exceeds the length of the | ||||||
|  |      supplied buffer. (CAN-2002-0659) | ||||||
|  |      [Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>] | ||||||
|  |  | ||||||
|  |   *) Assertions for various potential buffer overflows, not known to | ||||||
|  |      happen in practice. | ||||||
|  |      [Ben Laurie (CHATS)] | ||||||
|  |  | ||||||
|  |   *) Various temporary buffers to hold ASCII versions of integers were | ||||||
|  |      too small for 64 bit platforms. (CAN-2002-0655) | ||||||
|  |      [Matthew Byng-Maddick <mbm@aldigital.co.uk> and Ben Laurie (CHATS)> | ||||||
|  |  | ||||||
|  |   *) Remote buffer overflow in SSL3 protocol - an attacker could | ||||||
|  |      supply an oversized master key in Kerberos-enabled versions. | ||||||
|  |      (CAN-2002-0657) | ||||||
|  |      [Ben Laurie (CHATS)] | ||||||
|  |  | ||||||
|  |   *) Remote buffer overflow in SSL3 protocol - an attacker could | ||||||
|  |      supply an oversized session ID to a client. (CAN-2002-0656) | ||||||
|  |      [Ben Laurie (CHATS)] | ||||||
|  |  | ||||||
|  |   *) Remote buffer overflow in SSL2 protocol - an attacker could | ||||||
|  |      supply an oversized client master key. (CAN-2002-0656) | ||||||
|  |      [Ben Laurie (CHATS)] | ||||||
|  |  | ||||||
|  |  | ||||||
|  Changes between 0.9.6c and 0.9.6d  [9 May 2002] |  Changes between 0.9.6c and 0.9.6d  [9 May 2002] | ||||||
|  |  | ||||||
|   *) Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not |   *) Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not | ||||||
|   | |||||||
| @@ -124,15 +124,13 @@ int ASN1_get_object(unsigned char **pp, long *plength, int *ptag, int *pclass, | |||||||
| 		(int)(omax+ *pp)); | 		(int)(omax+ *pp)); | ||||||
|  |  | ||||||
| #endif | #endif | ||||||
| #if 0 | 	if (*plength > (omax - (*pp - p))) | ||||||
| 	if ((p+ *plength) > (omax+ *pp)) |  | ||||||
| 		{ | 		{ | ||||||
| 		ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG); | 		ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG); | ||||||
| 		/* Set this so that even if things are not long enough | 		/* Set this so that even if things are not long enough | ||||||
| 		 * the values are set correctly */ | 		 * the values are set correctly */ | ||||||
| 		ret|=0x80; | 		ret|=0x80; | ||||||
| 		} | 		} | ||||||
| #endif |  | ||||||
| 	*pp=p; | 	*pp=p; | ||||||
| 	return(ret|inf); | 	return(ret|inf); | ||||||
| err: | err: | ||||||
| @@ -159,6 +157,8 @@ static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max) | |||||||
| 		i= *p&0x7f; | 		i= *p&0x7f; | ||||||
| 		if (*(p++) & 0x80) | 		if (*(p++) & 0x80) | ||||||
| 			{ | 			{ | ||||||
|  | 			if (i > sizeof(long)) | ||||||
|  | 				return 0; | ||||||
| 			if (max-- == 0) return(0); | 			if (max-- == 0) return(0); | ||||||
| 			while (i-- > 0) | 			while (i-- > 0) | ||||||
| 				{ | 				{ | ||||||
| @@ -170,6 +170,8 @@ static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max) | |||||||
| 		else | 		else | ||||||
| 			ret=i; | 			ret=i; | ||||||
| 		} | 		} | ||||||
|  | 	if (ret < 0) | ||||||
|  | 		return 0; | ||||||
| 	*pp=p; | 	*pp=p; | ||||||
| 	*rl=ret; | 	*rl=ret; | ||||||
| 	return(1); | 	return(1); | ||||||
| @@ -407,7 +409,7 @@ int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b) | |||||||
|  |  | ||||||
| void asn1_add_error(unsigned char *address, int offset) | void asn1_add_error(unsigned char *address, int offset) | ||||||
| 	{ | 	{ | ||||||
| 	char buf1[16],buf2[16]; | 	char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1]; | ||||||
|  |  | ||||||
| 	sprintf(buf1,"%lu",(unsigned long)address); | 	sprintf(buf1,"%lu",(unsigned long)address); | ||||||
| 	sprintf(buf2,"%d",offset); | 	sprintf(buf2,"%d",offset); | ||||||
|   | |||||||
| @@ -89,14 +89,14 @@ conf_api.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h | |||||||
| conf_api.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h | conf_api.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h | ||||||
| conf_api.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h | conf_api.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h | ||||||
| conf_api.o: conf_api.c | conf_api.o: conf_api.c | ||||||
| conf_def.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h | conf_def.o: ../../e_os.h ../../include/openssl/bio.h | ||||||
| conf_def.o: ../../include/openssl/conf.h ../../include/openssl/conf_api.h | conf_def.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h | ||||||
| conf_def.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h | conf_def.o: ../../include/openssl/conf_api.h ../../include/openssl/crypto.h | ||||||
| conf_def.o: ../../include/openssl/err.h ../../include/openssl/lhash.h | conf_def.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h | ||||||
| conf_def.o: ../../include/openssl/opensslconf.h | conf_def.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h | ||||||
| conf_def.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h | conf_def.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h | ||||||
| conf_def.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h | conf_def.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h | ||||||
| conf_def.o: conf_def.c conf_def.h | conf_def.o: ../cryptlib.h conf_def.c conf_def.h | ||||||
| conf_err.o: ../../include/openssl/bio.h ../../include/openssl/conf.h | conf_err.o: ../../include/openssl/bio.h ../../include/openssl/conf.h | ||||||
| conf_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h | conf_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h | ||||||
| conf_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h | conf_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h | ||||||
|   | |||||||
| @@ -67,6 +67,7 @@ | |||||||
| #include "conf_def.h" | #include "conf_def.h" | ||||||
| #include <openssl/buffer.h> | #include <openssl/buffer.h> | ||||||
| #include <openssl/err.h> | #include <openssl/err.h> | ||||||
|  | #include "cryptlib.h" | ||||||
|  |  | ||||||
| static char *eat_ws(CONF *conf, char *p); | static char *eat_ws(CONF *conf, char *p); | ||||||
| static char *eat_alpha_numeric(CONF *conf, char *p); | static char *eat_alpha_numeric(CONF *conf, char *p); | ||||||
| @@ -208,12 +209,12 @@ static int def_load(CONF *conf, const char *name, long *line) | |||||||
| static int def_load_bio(CONF *conf, BIO *in, long *line) | static int def_load_bio(CONF *conf, BIO *in, long *line) | ||||||
| 	{ | 	{ | ||||||
| #define BUFSIZE	512 | #define BUFSIZE	512 | ||||||
| 	char btmp[16]; |  | ||||||
| 	int bufnum=0,i,ii; | 	int bufnum=0,i,ii; | ||||||
| 	BUF_MEM *buff=NULL; | 	BUF_MEM *buff=NULL; | ||||||
| 	char *s,*p,*end; | 	char *s,*p,*end; | ||||||
| 	int again,n; | 	int again,n; | ||||||
| 	long eline=0; | 	long eline=0; | ||||||
|  | 	char btmp[DECIMAL_SIZE(eline)+1]; | ||||||
| 	CONF_VALUE *v=NULL,*tv; | 	CONF_VALUE *v=NULL,*tv; | ||||||
| 	CONF_VALUE *sv=NULL; | 	CONF_VALUE *sv=NULL; | ||||||
| 	char *section=NULL,*buf; | 	char *section=NULL,*buf; | ||||||
|   | |||||||
| @@ -230,7 +230,7 @@ static int module_run(const CONF *cnf, char *name, char *value, | |||||||
| 		{ | 		{ | ||||||
| 		if (!(flags & CONF_MFLAGS_SILENT)) | 		if (!(flags & CONF_MFLAGS_SILENT)) | ||||||
| 			{ | 			{ | ||||||
| 			char rcode[10]; | 			char rcode[DECIMAL_SIZE(ret)+1]; | ||||||
| 			CONFerr(CONF_F_CONF_MODULES_LOAD, CONF_R_MODULE_INITIALIZATION_ERROR); | 			CONFerr(CONF_F_CONF_MODULES_LOAD, CONF_R_MODULE_INITIALIZATION_ERROR); | ||||||
| 			sprintf(rcode, "%-8d", ret); | 			sprintf(rcode, "%-8d", ret); | ||||||
| 			ERR_add_error_data(6, "module=", name, ", value=", value, ", retcode=", rcode); | 			ERR_add_error_data(6, "module=", name, ", value=", value, ", retcode=", rcode); | ||||||
|   | |||||||
| @@ -492,3 +492,11 @@ BOOL WINAPI DLLEntryPoint(HINSTANCE hinstDLL, DWORD fdwReason, | |||||||
| #endif | #endif | ||||||
|  |  | ||||||
| #endif | #endif | ||||||
|  |  | ||||||
|  | void OpenSSLDie(const char *file,int line,const char *assertion) | ||||||
|  |     { | ||||||
|  |     fprintf(stderr,"%s(%d): OpenSSL internal error, assertion failed: %s\n", | ||||||
|  | 	    file,line,assertion); | ||||||
|  |     abort(); | ||||||
|  |     } | ||||||
|  |  | ||||||
|   | |||||||
| @@ -89,6 +89,14 @@ extern "C" { | |||||||
| #define X509_CERT_DIR_EVP        "SSL_CERT_DIR" | #define X509_CERT_DIR_EVP        "SSL_CERT_DIR" | ||||||
| #define X509_CERT_FILE_EVP       "SSL_CERT_FILE" | #define X509_CERT_FILE_EVP       "SSL_CERT_FILE" | ||||||
|  |  | ||||||
|  | /* size of string represenations */ | ||||||
|  | #define DECIMAL_SIZE(type)     ((sizeof(type)*8+2)/3+1) | ||||||
|  | #define HEX_SIZE(type)         ((sizeof(type)*2) | ||||||
|  |  | ||||||
|  | /* die if we have to */ | ||||||
|  | void OpenSSLDie(const char *file,int line,const char *assertion); | ||||||
|  | #define die(e)	((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e)) | ||||||
|  |  | ||||||
| #ifdef  __cplusplus | #ifdef  __cplusplus | ||||||
| } | } | ||||||
| #endif | #endif | ||||||
|   | |||||||
| @@ -501,7 +501,7 @@ static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | |||||||
| 		goto err; | 		goto err; | ||||||
| 	default: | 	default: | ||||||
| 		{ | 		{ | ||||||
| 		char tmpbuf[20]; | 		char tmpbuf[DECIMAL_SIZE(sw_status)+1]; | ||||||
| 		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED); | 		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED); | ||||||
| 		sprintf(tmpbuf, "%ld", sw_status); | 		sprintf(tmpbuf, "%ld", sw_status); | ||||||
| 		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); | 		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); | ||||||
| @@ -518,7 +518,7 @@ static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | |||||||
| 	if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP, &arg, 1, | 	if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP, &arg, 1, | ||||||
| 		&res, 1)) != SW_OK) | 		&res, 1)) != SW_OK) | ||||||
| 		{ | 		{ | ||||||
| 		char tmpbuf[20]; | 		char tmpbuf[DECIMAL_SIZE(sw_status)+1]; | ||||||
| 		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED); | 		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED); | ||||||
| 		sprintf(tmpbuf, "%ld", sw_status); | 		sprintf(tmpbuf, "%ld", sw_status); | ||||||
| 		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); | 		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); | ||||||
| @@ -608,7 +608,7 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | |||||||
| 		goto err; | 		goto err; | ||||||
| 	default: | 	default: | ||||||
| 		{ | 		{ | ||||||
| 		char tmpbuf[20]; | 		char tmpbuf[DECIMAL_SIZE(sw_status)+1]; | ||||||
| 		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_REQUEST_FAILED); | 		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_REQUEST_FAILED); | ||||||
| 		sprintf(tmpbuf, "%ld", sw_status); | 		sprintf(tmpbuf, "%ld", sw_status); | ||||||
| 		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); | 		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); | ||||||
| @@ -625,7 +625,7 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | |||||||
| 	if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP_CRT, &arg, 1, | 	if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP_CRT, &arg, 1, | ||||||
| 		&res, 1)) != SW_OK) | 		&res, 1)) != SW_OK) | ||||||
| 		{ | 		{ | ||||||
| 		char tmpbuf[20]; | 		char tmpbuf[DECIMAL_SIZE(sw_status)+1]; | ||||||
| 		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_REQUEST_FAILED); | 		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_REQUEST_FAILED); | ||||||
| 		sprintf(tmpbuf, "%ld", sw_status); | 		sprintf(tmpbuf, "%ld", sw_status); | ||||||
| 		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); | 		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); | ||||||
| @@ -740,7 +740,7 @@ static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa) | |||||||
| 		goto err; | 		goto err; | ||||||
| 	default: | 	default: | ||||||
| 		{ | 		{ | ||||||
| 		char tmpbuf[20]; | 		char tmpbuf[DECIMAL_SIZE(sw_status)+1]; | ||||||
| 		CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED); | 		CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED); | ||||||
| 		sprintf(tmpbuf, "%ld", sw_status); | 		sprintf(tmpbuf, "%ld", sw_status); | ||||||
| 		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); | 		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); | ||||||
| @@ -758,7 +758,7 @@ static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa) | |||||||
| 		&res, 1); | 		&res, 1); | ||||||
| 	if(sw_status != SW_OK) | 	if(sw_status != SW_OK) | ||||||
| 		{ | 		{ | ||||||
| 		char tmpbuf[20]; | 		char tmpbuf[DECIMAL_SIZE(sw_status)+1]; | ||||||
| 		CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED); | 		CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED); | ||||||
| 		sprintf(tmpbuf, "%ld", sw_status); | 		sprintf(tmpbuf, "%ld", sw_status); | ||||||
| 		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); | 		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); | ||||||
| @@ -852,7 +852,7 @@ static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len, | |||||||
| 		goto err; | 		goto err; | ||||||
| 	default: | 	default: | ||||||
| 		{ | 		{ | ||||||
| 		char tmpbuf[20]; | 		char tmpbuf[DECIMAL_SIZE(sw_status)+1]; | ||||||
| 		CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED); | 		CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED); | ||||||
| 		sprintf(tmpbuf, "%ld", sw_status); | 		sprintf(tmpbuf, "%ld", sw_status); | ||||||
| 		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); | 		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); | ||||||
| @@ -874,7 +874,7 @@ static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len, | |||||||
| 		&res, 1); | 		&res, 1); | ||||||
| 	if(sw_status != SW_OK) | 	if(sw_status != SW_OK) | ||||||
| 		{ | 		{ | ||||||
| 		char tmpbuf[20]; | 		char tmpbuf[DECIMAL_SIZE(sw_status)+1]; | ||||||
| 		CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED); | 		CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED); | ||||||
| 		sprintf(tmpbuf, "%ld", sw_status); | 		sprintf(tmpbuf, "%ld", sw_status); | ||||||
| 		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); | 		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); | ||||||
|   | |||||||
| @@ -436,7 +436,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) | |||||||
| 	unsigned long l; | 	unsigned long l; | ||||||
| 	unsigned char *p; | 	unsigned char *p; | ||||||
| 	const char *s; | 	const char *s; | ||||||
| 	char tbuf[32]; | 	char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2]; | ||||||
|  |  | ||||||
| 	if (buf_len <= 0) return(0); | 	if (buf_len <= 0) return(0); | ||||||
|  |  | ||||||
|   | |||||||
							
								
								
									
										364
									
								
								ssl/Makefile.ssl
									
									
									
									
									
								
							
							
						
						
									
										364
									
								
								ssl/Makefile.ssl
									
									
									
									
									
								
							| @@ -281,32 +281,32 @@ s23_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h | |||||||
| s23_srvr.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h | s23_srvr.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h | ||||||
| s23_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s23_srvr.c | s23_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s23_srvr.c | ||||||
| s23_srvr.o: ssl_locl.h | s23_srvr.o: ssl_locl.h | ||||||
| s2_clnt.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h | s2_clnt.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h | ||||||
| s2_clnt.o: ../include/openssl/bio.h ../include/openssl/blowfish.h | s2_clnt.o: ../include/openssl/asn1.h ../include/openssl/bio.h | ||||||
| s2_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h | s2_clnt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h | ||||||
| s2_clnt.o: ../include/openssl/cast.h ../include/openssl/comp.h | s2_clnt.o: ../include/openssl/buffer.h ../include/openssl/cast.h | ||||||
| s2_clnt.o: ../include/openssl/crypto.h ../include/openssl/des.h | s2_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h | ||||||
| s2_clnt.o: ../include/openssl/des_old.h ../include/openssl/dh.h | s2_clnt.o: ../include/openssl/des.h ../include/openssl/des_old.h | ||||||
| s2_clnt.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h | s2_clnt.o: ../include/openssl/dh.h ../include/openssl/dsa.h | ||||||
| s2_clnt.o: ../include/openssl/err.h ../include/openssl/evp.h | s2_clnt.o: ../include/openssl/e_os2.h ../include/openssl/err.h | ||||||
| s2_clnt.o: ../include/openssl/idea.h ../include/openssl/kssl.h | s2_clnt.o: ../include/openssl/evp.h ../include/openssl/idea.h | ||||||
| s2_clnt.o: ../include/openssl/lhash.h ../include/openssl/md2.h | s2_clnt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h | ||||||
| s2_clnt.o: ../include/openssl/md4.h ../include/openssl/md5.h | s2_clnt.o: ../include/openssl/md2.h ../include/openssl/md4.h | ||||||
| s2_clnt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h | s2_clnt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h | ||||||
| s2_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h | s2_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h | ||||||
| s2_clnt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h | s2_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h | ||||||
| s2_clnt.o: ../include/openssl/pem.h ../include/openssl/pem2.h | s2_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h | ||||||
| s2_clnt.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h | s2_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h | ||||||
| s2_clnt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h | s2_clnt.o: ../include/openssl/rand.h ../include/openssl/rc2.h | ||||||
| s2_clnt.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h | s2_clnt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h | ||||||
| s2_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h | s2_clnt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h | ||||||
| s2_clnt.o: ../include/openssl/sha.h ../include/openssl/ssl.h | s2_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h | ||||||
| s2_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h | s2_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h | ||||||
| s2_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h | s2_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h | ||||||
| s2_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h | s2_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h | ||||||
| s2_clnt.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h | s2_clnt.o: ../include/openssl/tls1.h ../include/openssl/ui.h | ||||||
| s2_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_clnt.c | s2_clnt.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h | ||||||
| s2_clnt.o: ssl_locl.h | s2_clnt.o: ../include/openssl/x509_vfy.h s2_clnt.c ssl_locl.h | ||||||
| s2_enc.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h | s2_enc.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h | ||||||
| s2_enc.o: ../include/openssl/bio.h ../include/openssl/blowfish.h | s2_enc.o: ../include/openssl/bio.h ../include/openssl/blowfish.h | ||||||
| s2_enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h | s2_enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h | ||||||
| @@ -332,31 +332,32 @@ s2_enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h | |||||||
| s2_enc.o: ../include/openssl/tls1.h ../include/openssl/ui.h | s2_enc.o: ../include/openssl/tls1.h ../include/openssl/ui.h | ||||||
| s2_enc.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h | s2_enc.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h | ||||||
| s2_enc.o: ../include/openssl/x509_vfy.h s2_enc.c ssl_locl.h | s2_enc.o: ../include/openssl/x509_vfy.h s2_enc.c ssl_locl.h | ||||||
| s2_lib.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h | s2_lib.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h | ||||||
| s2_lib.o: ../include/openssl/bio.h ../include/openssl/blowfish.h | s2_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h | ||||||
| s2_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h | s2_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h | ||||||
| s2_lib.o: ../include/openssl/cast.h ../include/openssl/comp.h | s2_lib.o: ../include/openssl/buffer.h ../include/openssl/cast.h | ||||||
| s2_lib.o: ../include/openssl/crypto.h ../include/openssl/des.h | s2_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h | ||||||
| s2_lib.o: ../include/openssl/des_old.h ../include/openssl/dh.h | s2_lib.o: ../include/openssl/des.h ../include/openssl/des_old.h | ||||||
| s2_lib.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h | s2_lib.o: ../include/openssl/dh.h ../include/openssl/dsa.h | ||||||
| s2_lib.o: ../include/openssl/err.h ../include/openssl/evp.h | s2_lib.o: ../include/openssl/e_os2.h ../include/openssl/err.h | ||||||
| s2_lib.o: ../include/openssl/idea.h ../include/openssl/kssl.h | s2_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h | ||||||
| s2_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h | s2_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h | ||||||
| s2_lib.o: ../include/openssl/md4.h ../include/openssl/md5.h | s2_lib.o: ../include/openssl/md2.h ../include/openssl/md4.h | ||||||
| s2_lib.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h | s2_lib.o: ../include/openssl/md5.h ../include/openssl/mdc2.h | ||||||
| s2_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h | s2_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h | ||||||
| s2_lib.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h | s2_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h | ||||||
| s2_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h | s2_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h | ||||||
| s2_lib.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h | s2_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h | ||||||
| s2_lib.o: ../include/openssl/rc4.h ../include/openssl/rc5.h | s2_lib.o: ../include/openssl/rc2.h ../include/openssl/rc4.h | ||||||
| s2_lib.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h | s2_lib.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h | ||||||
| s2_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h | s2_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h | ||||||
| s2_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h | s2_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h | ||||||
| s2_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h | s2_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h | ||||||
| s2_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h | s2_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h | ||||||
| s2_lib.o: ../include/openssl/tls1.h ../include/openssl/ui.h | s2_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h | ||||||
| s2_lib.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h | s2_lib.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h | ||||||
| s2_lib.o: ../include/openssl/x509_vfy.h s2_lib.c ssl_locl.h | s2_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_lib.c | ||||||
|  | s2_lib.o: ssl_locl.h | ||||||
| s2_meth.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h | s2_meth.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h | ||||||
| s2_meth.o: ../include/openssl/bio.h ../include/openssl/blowfish.h | s2_meth.o: ../include/openssl/bio.h ../include/openssl/blowfish.h | ||||||
| s2_meth.o: ../include/openssl/bn.h ../include/openssl/buffer.h | s2_meth.o: ../include/openssl/bn.h ../include/openssl/buffer.h | ||||||
| @@ -407,32 +408,32 @@ s2_pkt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h | |||||||
| s2_pkt.o: ../include/openssl/tls1.h ../include/openssl/ui.h | s2_pkt.o: ../include/openssl/tls1.h ../include/openssl/ui.h | ||||||
| s2_pkt.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h | s2_pkt.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h | ||||||
| s2_pkt.o: ../include/openssl/x509_vfy.h s2_pkt.c ssl_locl.h | s2_pkt.o: ../include/openssl/x509_vfy.h s2_pkt.c ssl_locl.h | ||||||
| s2_srvr.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h | s2_srvr.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h | ||||||
| s2_srvr.o: ../include/openssl/bio.h ../include/openssl/blowfish.h | s2_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h | ||||||
| s2_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h | s2_srvr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h | ||||||
| s2_srvr.o: ../include/openssl/cast.h ../include/openssl/comp.h | s2_srvr.o: ../include/openssl/buffer.h ../include/openssl/cast.h | ||||||
| s2_srvr.o: ../include/openssl/crypto.h ../include/openssl/des.h | s2_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h | ||||||
| s2_srvr.o: ../include/openssl/des_old.h ../include/openssl/dh.h | s2_srvr.o: ../include/openssl/des.h ../include/openssl/des_old.h | ||||||
| s2_srvr.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h | s2_srvr.o: ../include/openssl/dh.h ../include/openssl/dsa.h | ||||||
| s2_srvr.o: ../include/openssl/err.h ../include/openssl/evp.h | s2_srvr.o: ../include/openssl/e_os2.h ../include/openssl/err.h | ||||||
| s2_srvr.o: ../include/openssl/idea.h ../include/openssl/kssl.h | s2_srvr.o: ../include/openssl/evp.h ../include/openssl/idea.h | ||||||
| s2_srvr.o: ../include/openssl/lhash.h ../include/openssl/md2.h | s2_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h | ||||||
| s2_srvr.o: ../include/openssl/md4.h ../include/openssl/md5.h | s2_srvr.o: ../include/openssl/md2.h ../include/openssl/md4.h | ||||||
| s2_srvr.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h | s2_srvr.o: ../include/openssl/md5.h ../include/openssl/mdc2.h | ||||||
| s2_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h | s2_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h | ||||||
| s2_srvr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h | s2_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h | ||||||
| s2_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h | s2_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h | ||||||
| s2_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h | s2_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h | ||||||
| s2_srvr.o: ../include/openssl/rc2.h ../include/openssl/rc4.h | s2_srvr.o: ../include/openssl/rand.h ../include/openssl/rc2.h | ||||||
| s2_srvr.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h | s2_srvr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h | ||||||
| s2_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h | s2_srvr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h | ||||||
| s2_srvr.o: ../include/openssl/sha.h ../include/openssl/ssl.h | s2_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h | ||||||
| s2_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h | s2_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h | ||||||
| s2_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h | s2_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h | ||||||
| s2_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h | s2_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h | ||||||
| s2_srvr.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h | s2_srvr.o: ../include/openssl/tls1.h ../include/openssl/ui.h | ||||||
| s2_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_srvr.c | s2_srvr.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h | ||||||
| s2_srvr.o: ssl_locl.h | s2_srvr.o: ../include/openssl/x509_vfy.h s2_srvr.c ssl_locl.h | ||||||
| s3_both.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h | s3_both.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h | ||||||
| s3_both.o: ../include/openssl/bio.h ../include/openssl/blowfish.h | s3_both.o: ../include/openssl/bio.h ../include/openssl/blowfish.h | ||||||
| s3_both.o: ../include/openssl/bn.h ../include/openssl/buffer.h | s3_both.o: ../include/openssl/bn.h ../include/openssl/buffer.h | ||||||
| @@ -459,32 +460,32 @@ s3_both.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h | |||||||
| s3_both.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h | s3_both.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h | ||||||
| s3_both.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s3_both.c | s3_both.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s3_both.c | ||||||
| s3_both.o: ssl_locl.h | s3_both.o: ssl_locl.h | ||||||
| s3_clnt.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h | s3_clnt.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h | ||||||
| s3_clnt.o: ../include/openssl/bio.h ../include/openssl/blowfish.h | s3_clnt.o: ../include/openssl/asn1.h ../include/openssl/bio.h | ||||||
| s3_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h | s3_clnt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h | ||||||
| s3_clnt.o: ../include/openssl/cast.h ../include/openssl/comp.h | s3_clnt.o: ../include/openssl/buffer.h ../include/openssl/cast.h | ||||||
| s3_clnt.o: ../include/openssl/crypto.h ../include/openssl/des.h | s3_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h | ||||||
| s3_clnt.o: ../include/openssl/des_old.h ../include/openssl/dh.h | s3_clnt.o: ../include/openssl/des.h ../include/openssl/des_old.h | ||||||
| s3_clnt.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h | s3_clnt.o: ../include/openssl/dh.h ../include/openssl/dsa.h | ||||||
| s3_clnt.o: ../include/openssl/err.h ../include/openssl/evp.h | s3_clnt.o: ../include/openssl/e_os2.h ../include/openssl/err.h | ||||||
| s3_clnt.o: ../include/openssl/idea.h ../include/openssl/kssl.h | s3_clnt.o: ../include/openssl/evp.h ../include/openssl/idea.h | ||||||
| s3_clnt.o: ../include/openssl/lhash.h ../include/openssl/md2.h | s3_clnt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h | ||||||
| s3_clnt.o: ../include/openssl/md4.h ../include/openssl/md5.h | s3_clnt.o: ../include/openssl/md2.h ../include/openssl/md4.h | ||||||
| s3_clnt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h | s3_clnt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h | ||||||
| s3_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h | s3_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h | ||||||
| s3_clnt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h | s3_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h | ||||||
| s3_clnt.o: ../include/openssl/pem.h ../include/openssl/pem2.h | s3_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h | ||||||
| s3_clnt.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h | s3_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h | ||||||
| s3_clnt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h | s3_clnt.o: ../include/openssl/rand.h ../include/openssl/rc2.h | ||||||
| s3_clnt.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h | s3_clnt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h | ||||||
| s3_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h | s3_clnt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h | ||||||
| s3_clnt.o: ../include/openssl/sha.h ../include/openssl/ssl.h | s3_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h | ||||||
| s3_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h | s3_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h | ||||||
| s3_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h | s3_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h | ||||||
| s3_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h | s3_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h | ||||||
| s3_clnt.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h | s3_clnt.o: ../include/openssl/tls1.h ../include/openssl/ui.h | ||||||
| s3_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h kssl_lcl.h | s3_clnt.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h | ||||||
| s3_clnt.o: s3_clnt.c ssl_locl.h | s3_clnt.o: ../include/openssl/x509_vfy.h kssl_lcl.h s3_clnt.c ssl_locl.h | ||||||
| s3_enc.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h | s3_enc.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h | ||||||
| s3_enc.o: ../include/openssl/bio.h ../include/openssl/blowfish.h | s3_enc.o: ../include/openssl/bio.h ../include/openssl/blowfish.h | ||||||
| s3_enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h | s3_enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h | ||||||
| @@ -585,32 +586,33 @@ s3_pkt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h | |||||||
| s3_pkt.o: ../include/openssl/tls1.h ../include/openssl/ui.h | s3_pkt.o: ../include/openssl/tls1.h ../include/openssl/ui.h | ||||||
| s3_pkt.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h | s3_pkt.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h | ||||||
| s3_pkt.o: ../include/openssl/x509_vfy.h s3_pkt.c ssl_locl.h | s3_pkt.o: ../include/openssl/x509_vfy.h s3_pkt.c ssl_locl.h | ||||||
| s3_srvr.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h | s3_srvr.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h | ||||||
| s3_srvr.o: ../include/openssl/bio.h ../include/openssl/blowfish.h | s3_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h | ||||||
| s3_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h | s3_srvr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h | ||||||
| s3_srvr.o: ../include/openssl/cast.h ../include/openssl/comp.h | s3_srvr.o: ../include/openssl/buffer.h ../include/openssl/cast.h | ||||||
| s3_srvr.o: ../include/openssl/crypto.h ../include/openssl/des.h | s3_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h | ||||||
| s3_srvr.o: ../include/openssl/des_old.h ../include/openssl/dh.h | s3_srvr.o: ../include/openssl/des.h ../include/openssl/des_old.h | ||||||
| s3_srvr.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h | s3_srvr.o: ../include/openssl/dh.h ../include/openssl/dsa.h | ||||||
| s3_srvr.o: ../include/openssl/err.h ../include/openssl/evp.h | s3_srvr.o: ../include/openssl/e_os2.h ../include/openssl/err.h | ||||||
| s3_srvr.o: ../include/openssl/idea.h ../include/openssl/krb5_asn.h | s3_srvr.o: ../include/openssl/evp.h ../include/openssl/idea.h | ||||||
| s3_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h | s3_srvr.o: ../include/openssl/krb5_asn.h ../include/openssl/kssl.h | ||||||
| s3_srvr.o: ../include/openssl/md2.h ../include/openssl/md4.h | s3_srvr.o: ../include/openssl/lhash.h ../include/openssl/md2.h | ||||||
| s3_srvr.o: ../include/openssl/md5.h ../include/openssl/mdc2.h | s3_srvr.o: ../include/openssl/md4.h ../include/openssl/md5.h | ||||||
| s3_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h | s3_srvr.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h | ||||||
| s3_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h | s3_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h | ||||||
| s3_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h | s3_srvr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h | ||||||
| s3_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h | s3_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h | ||||||
| s3_srvr.o: ../include/openssl/rand.h ../include/openssl/rc2.h | s3_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h | ||||||
| s3_srvr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h | s3_srvr.o: ../include/openssl/rc2.h ../include/openssl/rc4.h | ||||||
| s3_srvr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h | s3_srvr.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h | ||||||
| s3_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h | s3_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h | ||||||
| s3_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h | s3_srvr.o: ../include/openssl/sha.h ../include/openssl/ssl.h | ||||||
| s3_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h | s3_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h | ||||||
| s3_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h | s3_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h | ||||||
| s3_srvr.o: ../include/openssl/tls1.h ../include/openssl/ui.h | s3_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h | ||||||
| s3_srvr.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h | s3_srvr.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h | ||||||
| s3_srvr.o: ../include/openssl/x509_vfy.h kssl_lcl.h s3_srvr.c ssl_locl.h | s3_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h kssl_lcl.h | ||||||
|  | s3_srvr.o: s3_srvr.c ssl_locl.h | ||||||
| ssl_algs.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h | ssl_algs.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h | ||||||
| ssl_algs.o: ../include/openssl/bio.h ../include/openssl/blowfish.h | ssl_algs.o: ../include/openssl/bio.h ../include/openssl/blowfish.h | ||||||
| ssl_algs.o: ../include/openssl/bn.h ../include/openssl/buffer.h | ssl_algs.o: ../include/openssl/bn.h ../include/openssl/buffer.h | ||||||
| @@ -636,32 +638,32 @@ ssl_algs.o: ../include/openssl/stack.h ../include/openssl/symhacks.h | |||||||
| ssl_algs.o: ../include/openssl/tls1.h ../include/openssl/ui.h | ssl_algs.o: ../include/openssl/tls1.h ../include/openssl/ui.h | ||||||
| ssl_algs.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h | ssl_algs.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h | ||||||
| ssl_algs.o: ../include/openssl/x509_vfy.h ssl_algs.c ssl_locl.h | ssl_algs.o: ../include/openssl/x509_vfy.h ssl_algs.c ssl_locl.h | ||||||
| ssl_asn1.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h | ssl_asn1.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h | ||||||
| ssl_asn1.o: ../include/openssl/asn1_mac.h ../include/openssl/bio.h | ssl_asn1.o: ../include/openssl/asn1.h ../include/openssl/asn1_mac.h | ||||||
| ssl_asn1.o: ../include/openssl/blowfish.h ../include/openssl/bn.h | ssl_asn1.o: ../include/openssl/bio.h ../include/openssl/blowfish.h | ||||||
| ssl_asn1.o: ../include/openssl/buffer.h ../include/openssl/cast.h | ssl_asn1.o: ../include/openssl/bn.h ../include/openssl/buffer.h | ||||||
| ssl_asn1.o: ../include/openssl/comp.h ../include/openssl/crypto.h | ssl_asn1.o: ../include/openssl/cast.h ../include/openssl/comp.h | ||||||
| ssl_asn1.o: ../include/openssl/des.h ../include/openssl/des_old.h | ssl_asn1.o: ../include/openssl/crypto.h ../include/openssl/des.h | ||||||
| ssl_asn1.o: ../include/openssl/dh.h ../include/openssl/dsa.h | ssl_asn1.o: ../include/openssl/des_old.h ../include/openssl/dh.h | ||||||
| ssl_asn1.o: ../include/openssl/e_os2.h ../include/openssl/err.h | ssl_asn1.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h | ||||||
| ssl_asn1.o: ../include/openssl/evp.h ../include/openssl/idea.h | ssl_asn1.o: ../include/openssl/err.h ../include/openssl/evp.h | ||||||
| ssl_asn1.o: ../include/openssl/kssl.h ../include/openssl/lhash.h | ssl_asn1.o: ../include/openssl/idea.h ../include/openssl/kssl.h | ||||||
| ssl_asn1.o: ../include/openssl/md2.h ../include/openssl/md4.h | ssl_asn1.o: ../include/openssl/lhash.h ../include/openssl/md2.h | ||||||
| ssl_asn1.o: ../include/openssl/md5.h ../include/openssl/mdc2.h | ssl_asn1.o: ../include/openssl/md4.h ../include/openssl/md5.h | ||||||
| ssl_asn1.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h | ssl_asn1.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h | ||||||
| ssl_asn1.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h | ssl_asn1.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h | ||||||
| ssl_asn1.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h | ssl_asn1.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h | ||||||
| ssl_asn1.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h | ssl_asn1.o: ../include/openssl/pem.h ../include/openssl/pem2.h | ||||||
| ssl_asn1.o: ../include/openssl/rc2.h ../include/openssl/rc4.h | ssl_asn1.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h | ||||||
| ssl_asn1.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h | ssl_asn1.o: ../include/openssl/rc4.h ../include/openssl/rc5.h | ||||||
| ssl_asn1.o: ../include/openssl/rsa.h ../include/openssl/safestack.h | ssl_asn1.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h | ||||||
| ssl_asn1.o: ../include/openssl/sha.h ../include/openssl/ssl.h | ssl_asn1.o: ../include/openssl/safestack.h ../include/openssl/sha.h | ||||||
| ssl_asn1.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h | ssl_asn1.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h | ||||||
| ssl_asn1.o: ../include/openssl/ssl3.h ../include/openssl/stack.h | ssl_asn1.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h | ||||||
| ssl_asn1.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h | ssl_asn1.o: ../include/openssl/stack.h ../include/openssl/symhacks.h | ||||||
| ssl_asn1.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h | ssl_asn1.o: ../include/openssl/tls1.h ../include/openssl/ui.h | ||||||
| ssl_asn1.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_asn1.c | ssl_asn1.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h | ||||||
| ssl_asn1.o: ssl_locl.h | ssl_asn1.o: ../include/openssl/x509_vfy.h ssl_asn1.c ssl_locl.h | ||||||
| ssl_cert.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h | ssl_cert.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h | ||||||
| ssl_cert.o: ../include/openssl/bio.h ../include/openssl/blowfish.h | ssl_cert.o: ../include/openssl/bio.h ../include/openssl/blowfish.h | ||||||
| ssl_cert.o: ../include/openssl/bn.h ../include/openssl/buffer.h | ssl_cert.o: ../include/openssl/bn.h ../include/openssl/buffer.h | ||||||
| @@ -814,32 +816,32 @@ ssl_rsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h | |||||||
| ssl_rsa.o: ../include/openssl/tls1.h ../include/openssl/ui.h | ssl_rsa.o: ../include/openssl/tls1.h ../include/openssl/ui.h | ||||||
| ssl_rsa.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h | ssl_rsa.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h | ||||||
| ssl_rsa.o: ../include/openssl/x509_vfy.h ssl_locl.h ssl_rsa.c | ssl_rsa.o: ../include/openssl/x509_vfy.h ssl_locl.h ssl_rsa.c | ||||||
| ssl_sess.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h | ssl_sess.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h | ||||||
| ssl_sess.o: ../include/openssl/bio.h ../include/openssl/blowfish.h | ssl_sess.o: ../include/openssl/asn1.h ../include/openssl/bio.h | ||||||
| ssl_sess.o: ../include/openssl/bn.h ../include/openssl/buffer.h | ssl_sess.o: ../include/openssl/blowfish.h ../include/openssl/bn.h | ||||||
| ssl_sess.o: ../include/openssl/cast.h ../include/openssl/comp.h | ssl_sess.o: ../include/openssl/buffer.h ../include/openssl/cast.h | ||||||
| ssl_sess.o: ../include/openssl/crypto.h ../include/openssl/des.h | ssl_sess.o: ../include/openssl/comp.h ../include/openssl/crypto.h | ||||||
| ssl_sess.o: ../include/openssl/des_old.h ../include/openssl/dh.h | ssl_sess.o: ../include/openssl/des.h ../include/openssl/des_old.h | ||||||
| ssl_sess.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h | ssl_sess.o: ../include/openssl/dh.h ../include/openssl/dsa.h | ||||||
| ssl_sess.o: ../include/openssl/err.h ../include/openssl/evp.h | ssl_sess.o: ../include/openssl/e_os2.h ../include/openssl/err.h | ||||||
| ssl_sess.o: ../include/openssl/idea.h ../include/openssl/kssl.h | ssl_sess.o: ../include/openssl/evp.h ../include/openssl/idea.h | ||||||
| ssl_sess.o: ../include/openssl/lhash.h ../include/openssl/md2.h | ssl_sess.o: ../include/openssl/kssl.h ../include/openssl/lhash.h | ||||||
| ssl_sess.o: ../include/openssl/md4.h ../include/openssl/md5.h | ssl_sess.o: ../include/openssl/md2.h ../include/openssl/md4.h | ||||||
| ssl_sess.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h | ssl_sess.o: ../include/openssl/md5.h ../include/openssl/mdc2.h | ||||||
| ssl_sess.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h | ssl_sess.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h | ||||||
| ssl_sess.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h | ssl_sess.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h | ||||||
| ssl_sess.o: ../include/openssl/pem.h ../include/openssl/pem2.h | ssl_sess.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h | ||||||
| ssl_sess.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h | ssl_sess.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h | ||||||
| ssl_sess.o: ../include/openssl/rc2.h ../include/openssl/rc4.h | ssl_sess.o: ../include/openssl/rand.h ../include/openssl/rc2.h | ||||||
| ssl_sess.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h | ssl_sess.o: ../include/openssl/rc4.h ../include/openssl/rc5.h | ||||||
| ssl_sess.o: ../include/openssl/rsa.h ../include/openssl/safestack.h | ssl_sess.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h | ||||||
| ssl_sess.o: ../include/openssl/sha.h ../include/openssl/ssl.h | ssl_sess.o: ../include/openssl/safestack.h ../include/openssl/sha.h | ||||||
| ssl_sess.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h | ssl_sess.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h | ||||||
| ssl_sess.o: ../include/openssl/ssl3.h ../include/openssl/stack.h | ssl_sess.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h | ||||||
| ssl_sess.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h | ssl_sess.o: ../include/openssl/stack.h ../include/openssl/symhacks.h | ||||||
| ssl_sess.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h | ssl_sess.o: ../include/openssl/tls1.h ../include/openssl/ui.h | ||||||
| ssl_sess.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h | ssl_sess.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h | ||||||
| ssl_sess.o: ssl_sess.c | ssl_sess.o: ../include/openssl/x509_vfy.h ssl_locl.h ssl_sess.c | ||||||
| ssl_stat.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h | ssl_stat.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h | ||||||
| ssl_stat.o: ../include/openssl/bio.h ../include/openssl/blowfish.h | ssl_stat.o: ../include/openssl/bio.h ../include/openssl/blowfish.h | ||||||
| ssl_stat.o: ../include/openssl/bn.h ../include/openssl/buffer.h | ssl_stat.o: ../include/openssl/bn.h ../include/openssl/buffer.h | ||||||
|   | |||||||
| @@ -116,6 +116,7 @@ | |||||||
| #include <openssl/buffer.h> | #include <openssl/buffer.h> | ||||||
| #include <openssl/objects.h> | #include <openssl/objects.h> | ||||||
| #include <openssl/evp.h> | #include <openssl/evp.h> | ||||||
|  | #include "cryptlib.h" | ||||||
|  |  | ||||||
| static SSL_METHOD *ssl2_get_client_method(int ver); | static SSL_METHOD *ssl2_get_client_method(int ver); | ||||||
| static int get_server_finished(SSL *s); | static int get_server_finished(SSL *s); | ||||||
| @@ -535,6 +536,7 @@ static int get_server_hello(SSL *s) | |||||||
| 		} | 		} | ||||||
| 		 | 		 | ||||||
| 	s->s2->conn_id_length=s->s2->tmp.conn_id_length; | 	s->s2->conn_id_length=s->s2->tmp.conn_id_length; | ||||||
|  | 	die(s->s2->conn_id_length <= sizeof s->s2->conn_id); | ||||||
| 	memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length); | 	memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length); | ||||||
| 	return(1); | 	return(1); | ||||||
| 	} | 	} | ||||||
| @@ -636,6 +638,7 @@ static int client_master_key(SSL *s) | |||||||
| 		/* make key_arg data */ | 		/* make key_arg data */ | ||||||
| 		i=EVP_CIPHER_iv_length(c); | 		i=EVP_CIPHER_iv_length(c); | ||||||
| 		sess->key_arg_length=i; | 		sess->key_arg_length=i; | ||||||
|  | 		die(i <= SSL_MAX_KEY_ARG_LENGTH); | ||||||
| 		if (i > 0) RAND_pseudo_bytes(sess->key_arg,i); | 		if (i > 0) RAND_pseudo_bytes(sess->key_arg,i); | ||||||
|  |  | ||||||
| 		/* make a master key */ | 		/* make a master key */ | ||||||
| @@ -643,6 +646,7 @@ static int client_master_key(SSL *s) | |||||||
| 		sess->master_key_length=i; | 		sess->master_key_length=i; | ||||||
| 		if (i > 0) | 		if (i > 0) | ||||||
| 			{ | 			{ | ||||||
|  | 			die(i <= sizeof sess->master_key); | ||||||
| 			if (RAND_bytes(sess->master_key,i) <= 0) | 			if (RAND_bytes(sess->master_key,i) <= 0) | ||||||
| 				{ | 				{ | ||||||
| 				ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); | 				ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); | ||||||
| @@ -686,6 +690,7 @@ static int client_master_key(SSL *s) | |||||||
| 		d+=enc; | 		d+=enc; | ||||||
| 		karg=sess->key_arg_length;	 | 		karg=sess->key_arg_length;	 | ||||||
| 		s2n(karg,p); /* key arg size */ | 		s2n(karg,p); /* key arg size */ | ||||||
|  | 		die(karg <= sizeof sess->key_arg); | ||||||
| 		memcpy(d,sess->key_arg,(unsigned int)karg); | 		memcpy(d,sess->key_arg,(unsigned int)karg); | ||||||
| 		d+=karg; | 		d+=karg; | ||||||
|  |  | ||||||
| @@ -706,6 +711,7 @@ static int client_finished(SSL *s) | |||||||
| 		{ | 		{ | ||||||
| 		p=(unsigned char *)s->init_buf->data; | 		p=(unsigned char *)s->init_buf->data; | ||||||
| 		*(p++)=SSL2_MT_CLIENT_FINISHED; | 		*(p++)=SSL2_MT_CLIENT_FINISHED; | ||||||
|  | 		die(s->s2->conn_id_length <= sizeof s->s2->conn_id); | ||||||
| 		memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length); | 		memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length); | ||||||
|  |  | ||||||
| 		s->state=SSL2_ST_SEND_CLIENT_FINISHED_B; | 		s->state=SSL2_ST_SEND_CLIENT_FINISHED_B; | ||||||
| @@ -978,6 +984,8 @@ static int get_server_finished(SSL *s) | |||||||
| 		{ | 		{ | ||||||
| 		if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG)) | 		if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG)) | ||||||
| 			{ | 			{ | ||||||
|  | 			die(s->session->session_id_length | ||||||
|  | 			    <= sizeof s->session->session_id); | ||||||
| 			if (memcmp(buf,s->session->session_id, | 			if (memcmp(buf,s->session->session_id, | ||||||
| 				(unsigned int)s->session->session_id_length) != 0) | 				(unsigned int)s->session->session_id_length) != 0) | ||||||
| 				{ | 				{ | ||||||
|   | |||||||
| @@ -63,6 +63,7 @@ | |||||||
| #include <openssl/objects.h> | #include <openssl/objects.h> | ||||||
| #include <openssl/evp.h> | #include <openssl/evp.h> | ||||||
| #include <openssl/md5.h> | #include <openssl/md5.h> | ||||||
|  | #include "cryptlib.h" | ||||||
|  |  | ||||||
| static long ssl2_default_timeout(void ); | static long ssl2_default_timeout(void ); | ||||||
| const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT; | const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT; | ||||||
| @@ -428,10 +429,14 @@ void ssl2_generate_key_material(SSL *s) | |||||||
| #endif | #endif | ||||||
| 	EVP_MD_CTX_init(&ctx); | 	EVP_MD_CTX_init(&ctx); | ||||||
| 	km=s->s2->key_material; | 	km=s->s2->key_material; | ||||||
|  | 	die(s->s2->key_material_length <= sizeof s->s2->key_material); | ||||||
| 	for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH) | 	for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH) | ||||||
| 		{ | 		{ | ||||||
| 		EVP_DigestInit_ex(&ctx,EVP_md5(), NULL); | 		EVP_DigestInit_ex(&ctx,EVP_md5(), NULL); | ||||||
|  |  | ||||||
|  | 		die(s->session->master_key_length >= 0 | ||||||
|  | 		    && s->session->master_key_length | ||||||
|  | 		    < sizeof s->session->master_key); | ||||||
| 		EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length); | 		EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length); | ||||||
| 		EVP_DigestUpdate(&ctx,&c,1); | 		EVP_DigestUpdate(&ctx,&c,1); | ||||||
| 		c++; | 		c++; | ||||||
| @@ -467,6 +472,7 @@ void ssl2_write_error(SSL *s) | |||||||
| /*	state=s->rwstate;*/ | /*	state=s->rwstate;*/ | ||||||
| 	error=s->error; | 	error=s->error; | ||||||
| 	s->error=0; | 	s->error=0; | ||||||
|  | 	die(error >= 0 && error <= 3); | ||||||
| 	i=ssl2_write(s,&(buf[3-error]),error); | 	i=ssl2_write(s,&(buf[3-error]),error); | ||||||
| /*	if (i == error) s->rwstate=state; */ | /*	if (i == error) s->rwstate=state; */ | ||||||
|  |  | ||||||
|   | |||||||
| @@ -116,6 +116,7 @@ | |||||||
| #include <openssl/rand.h> | #include <openssl/rand.h> | ||||||
| #include <openssl/objects.h> | #include <openssl/objects.h> | ||||||
| #include <openssl/evp.h> | #include <openssl/evp.h> | ||||||
|  | #include "cryptlib.h" | ||||||
|  |  | ||||||
| static SSL_METHOD *ssl2_get_server_method(int ver); | static SSL_METHOD *ssl2_get_server_method(int ver); | ||||||
| static int get_client_master_key(SSL *s); | static int get_client_master_key(SSL *s); | ||||||
| @@ -417,11 +418,18 @@ static int get_client_master_key(SSL *s) | |||||||
| 		n2s(p,i); s->s2->tmp.clear=i; | 		n2s(p,i); s->s2->tmp.clear=i; | ||||||
| 		n2s(p,i); s->s2->tmp.enc=i; | 		n2s(p,i); s->s2->tmp.enc=i; | ||||||
| 		n2s(p,i); s->session->key_arg_length=i; | 		n2s(p,i); s->session->key_arg_length=i; | ||||||
|  | 		if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH) | ||||||
|  | 			{ | ||||||
|  | 			SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, | ||||||
|  | 				   SSL_R_KEY_ARG_TOO_LONG); | ||||||
|  | 			return -1; | ||||||
|  | 			} | ||||||
| 		s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B; | 		s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B; | ||||||
| 		} | 		} | ||||||
|  |  | ||||||
| 	/* SSL2_ST_GET_CLIENT_MASTER_KEY_B */ | 	/* SSL2_ST_GET_CLIENT_MASTER_KEY_B */ | ||||||
| 	p=(unsigned char *)s->init_buf->data; | 	p=(unsigned char *)s->init_buf->data; | ||||||
|  | 	die(s->init_buf->length >= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER); | ||||||
| 	keya=s->session->key_arg_length; | 	keya=s->session->key_arg_length; | ||||||
| 	len = 10 + (unsigned long)s->s2->tmp.clear + (unsigned long)s->s2->tmp.enc + (unsigned long)keya; | 	len = 10 + (unsigned long)s->s2->tmp.clear + (unsigned long)s->s2->tmp.enc + (unsigned long)keya; | ||||||
| 	if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) | 	if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) | ||||||
| @@ -504,6 +512,7 @@ static int get_client_master_key(SSL *s) | |||||||
| #endif | #endif | ||||||
|  |  | ||||||
| 	if (is_export) i+=s->s2->tmp.clear; | 	if (is_export) i+=s->s2->tmp.clear; | ||||||
|  | 	die(i <= SSL_MAX_MASTER_KEY_LENGTH); | ||||||
| 	s->session->master_key_length=i; | 	s->session->master_key_length=i; | ||||||
| 	memcpy(s->session->master_key,p,(unsigned int)i); | 	memcpy(s->session->master_key,p,(unsigned int)i); | ||||||
| 	return(1); | 	return(1); | ||||||
| @@ -670,6 +679,7 @@ static int get_client_hello(SSL *s) | |||||||
| 	p+=s->s2->tmp.session_id_length; | 	p+=s->s2->tmp.session_id_length; | ||||||
|  |  | ||||||
| 	/* challenge */ | 	/* challenge */ | ||||||
|  | 	die(s->s2->challenge_length <= sizeof s->s2->challenge); | ||||||
| 	memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length); | 	memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length); | ||||||
| 	return(1); | 	return(1); | ||||||
| mem_err: | mem_err: | ||||||
| @@ -826,6 +836,7 @@ static int get_client_finished(SSL *s) | |||||||
| 		} | 		} | ||||||
|  |  | ||||||
| 	/* SSL2_ST_GET_CLIENT_FINISHED_B */ | 	/* SSL2_ST_GET_CLIENT_FINISHED_B */ | ||||||
|  | 	die(s->s2->conn_id_length <= sizeof s->s2->conn_id); | ||||||
| 	len = 1 + (unsigned long)s->s2->conn_id_length; | 	len = 1 + (unsigned long)s->s2->conn_id_length; | ||||||
| 	n = (int)len - s->init_num; | 	n = (int)len - s->init_num; | ||||||
| 	i = ssl2_read(s,(char *)&(p[s->init_num]),n); | 	i = ssl2_read(s,(char *)&(p[s->init_num]),n); | ||||||
| @@ -853,6 +864,7 @@ static int server_verify(SSL *s) | |||||||
| 		{ | 		{ | ||||||
| 		p=(unsigned char *)s->init_buf->data; | 		p=(unsigned char *)s->init_buf->data; | ||||||
| 		*(p++)=SSL2_MT_SERVER_VERIFY; | 		*(p++)=SSL2_MT_SERVER_VERIFY; | ||||||
|  | 		die(s->s2->challenge_length <= sizeof s->s2->challenge); | ||||||
| 		memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length); | 		memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length); | ||||||
| 		/* p+=s->s2->challenge_length; */ | 		/* p+=s->s2->challenge_length; */ | ||||||
|  |  | ||||||
| @@ -872,6 +884,8 @@ static int server_finish(SSL *s) | |||||||
| 		p=(unsigned char *)s->init_buf->data; | 		p=(unsigned char *)s->init_buf->data; | ||||||
| 		*(p++)=SSL2_MT_SERVER_FINISHED; | 		*(p++)=SSL2_MT_SERVER_FINISHED; | ||||||
|  |  | ||||||
|  | 		die(s->session->session_id_length | ||||||
|  | 		    <= sizeof s->session->session_id); | ||||||
| 		memcpy(p,s->session->session_id, | 		memcpy(p,s->session->session_id, | ||||||
| 			(unsigned int)s->session->session_id_length); | 			(unsigned int)s->session->session_id_length); | ||||||
| 		/* p+=s->session->session_id_length; */ | 		/* p+=s->session->session_id_length; */ | ||||||
|   | |||||||
| @@ -117,6 +117,7 @@ | |||||||
| #include <openssl/objects.h> | #include <openssl/objects.h> | ||||||
| #include <openssl/evp.h> | #include <openssl/evp.h> | ||||||
| #include <openssl/md5.h> | #include <openssl/md5.h> | ||||||
|  | #include "cryptlib.h" | ||||||
|  |  | ||||||
| static SSL_METHOD *ssl3_get_client_method(int ver); | static SSL_METHOD *ssl3_get_client_method(int ver); | ||||||
| static int ssl3_client_hello(SSL *s); | static int ssl3_client_hello(SSL *s); | ||||||
| @@ -545,6 +546,7 @@ static int ssl3_client_hello(SSL *s) | |||||||
| 		*(p++)=i; | 		*(p++)=i; | ||||||
| 		if (i != 0) | 		if (i != 0) | ||||||
| 			{ | 			{ | ||||||
|  | 			die(i <= sizeof s->session->session_id); | ||||||
| 			memcpy(p,s->session->session_id,i); | 			memcpy(p,s->session->session_id,i); | ||||||
| 			p+=i; | 			p+=i; | ||||||
| 			} | 			} | ||||||
| @@ -626,6 +628,14 @@ static int ssl3_get_server_hello(SSL *s) | |||||||
| 	/* get the session-id */ | 	/* get the session-id */ | ||||||
| 	j= *(p++); | 	j= *(p++); | ||||||
|  |  | ||||||
|  |        if(j > sizeof s->session->session_id) | ||||||
|  |                { | ||||||
|  |                al=SSL_AD_ILLEGAL_PARAMETER; | ||||||
|  |                SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, | ||||||
|  |                       SSL_R_SSL3_SESSION_ID_TOO_LONG); | ||||||
|  |                goto f_err; | ||||||
|  |                } | ||||||
|  |  | ||||||
| 	if ((j != 0) && (j != SSL3_SESSION_ID_SIZE)) | 	if ((j != 0) && (j != SSL3_SESSION_ID_SIZE)) | ||||||
| 		{ | 		{ | ||||||
| 		/* SSLref returns 16 :-( */ | 		/* SSLref returns 16 :-( */ | ||||||
| @@ -1588,6 +1598,7 @@ static int ssl3_send_client_key_exchange(SSL *s) | |||||||
| 				SSL_MAX_MASTER_KEY_LENGTH); | 				SSL_MAX_MASTER_KEY_LENGTH); | ||||||
| 			EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl); | 			EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl); | ||||||
| 			outl += padl; | 			outl += padl; | ||||||
|  | 			die(outl <= sizeof epms); | ||||||
| 			EVP_CIPHER_CTX_cleanup(&ciph_ctx); | 			EVP_CIPHER_CTX_cleanup(&ciph_ctx); | ||||||
|  |  | ||||||
| 			/*  KerberosWrapper.EncryptedPreMasterSecret	*/ | 			/*  KerberosWrapper.EncryptedPreMasterSecret	*/ | ||||||
|   | |||||||
| @@ -123,6 +123,7 @@ | |||||||
| #include <openssl/x509.h> | #include <openssl/x509.h> | ||||||
| #include <openssl/krb5_asn.h> | #include <openssl/krb5_asn.h> | ||||||
| #include <openssl/md5.h> | #include <openssl/md5.h> | ||||||
|  | #include "cryptlib.h" | ||||||
|  |  | ||||||
| static SSL_METHOD *ssl3_get_server_method(int ver); | static SSL_METHOD *ssl3_get_server_method(int ver); | ||||||
| static int ssl3_get_client_hello(SSL *s); | static int ssl3_get_client_hello(SSL *s); | ||||||
| @@ -964,6 +965,7 @@ static int ssl3_send_server_hello(SSL *s) | |||||||
| 			s->session->session_id_length=0; | 			s->session->session_id_length=0; | ||||||
|  |  | ||||||
| 		sl=s->session->session_id_length; | 		sl=s->session->session_id_length; | ||||||
|  | 		die(sl <= sizeof s->session->session_id); | ||||||
| 		*(p++)=sl; | 		*(p++)=sl; | ||||||
| 		memcpy(p,s->session->session_id,sl); | 		memcpy(p,s->session->session_id,sl); | ||||||
| 		p+=sl; | 		p+=sl; | ||||||
| @@ -1559,8 +1561,8 @@ static int ssl3_get_client_key_exchange(SSL *s) | |||||||
| 		EVP_CIPHER		*enc = NULL; | 		EVP_CIPHER		*enc = NULL; | ||||||
| 		unsigned char		iv[EVP_MAX_IV_LENGTH]; | 		unsigned char		iv[EVP_MAX_IV_LENGTH]; | ||||||
| 		unsigned char		pms[SSL_MAX_MASTER_KEY_LENGTH | 		unsigned char		pms[SSL_MAX_MASTER_KEY_LENGTH | ||||||
| 						+ EVP_MAX_IV_LENGTH + 1]; |                                                + EVP_MAX_BLOCK_LENGTH]; | ||||||
| 		int 			padl, outl = sizeof(pms); | 		int                     padl, outl; | ||||||
| 		krb5_timestamp		authtime = 0; | 		krb5_timestamp		authtime = 0; | ||||||
| 		krb5_ticket_times	ttimes; | 		krb5_ticket_times	ttimes; | ||||||
|  |  | ||||||
| @@ -1583,6 +1585,16 @@ static int ssl3_get_client_key_exchange(SSL *s) | |||||||
| 		enc_pms.data = (char *)p; | 		enc_pms.data = (char *)p; | ||||||
| 		p+=enc_pms.length; | 		p+=enc_pms.length; | ||||||
|  |  | ||||||
|  | 		/* Note that the length is checked again below, | ||||||
|  | 		** after decryption | ||||||
|  | 		*/ | ||||||
|  | 		if(enc.pms_length > sizeof pms) | ||||||
|  | 			{ | ||||||
|  | 			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||||||
|  | 			       SSL_R_DATA_LENGTH_TOO_LONG); | ||||||
|  | 			goto err; | ||||||
|  | 			} | ||||||
|  |  | ||||||
| 		if (n != enc_ticket.length + authenticator.length + | 		if (n != enc_ticket.length + authenticator.length + | ||||||
| 						enc_pms.length + 6) | 						enc_pms.length + 6) | ||||||
| 			{ | 			{ | ||||||
|   | |||||||
| @@ -1667,6 +1667,7 @@ void ERR_load_SSL_strings(void); | |||||||
| #define SSL_R_INVALID_COMMAND				 280 | #define SSL_R_INVALID_COMMAND				 280 | ||||||
| #define SSL_R_INVALID_PURPOSE				 278 | #define SSL_R_INVALID_PURPOSE				 278 | ||||||
| #define SSL_R_INVALID_TRUST				 279 | #define SSL_R_INVALID_TRUST				 279 | ||||||
|  | #define SSL_R_KEY_ARG_TOO_LONG				 1112 | ||||||
| #define SSL_R_KRB5					 1104 | #define SSL_R_KRB5					 1104 | ||||||
| #define SSL_R_KRB5_C_CC_PRINC				 1094 | #define SSL_R_KRB5_C_CC_PRINC				 1094 | ||||||
| #define SSL_R_KRB5_C_GET_CRED				 1095 | #define SSL_R_KRB5_C_GET_CRED				 1095 | ||||||
| @@ -1746,6 +1747,7 @@ void ERR_load_SSL_strings(void); | |||||||
| #define SSL_R_SHORT_READ				 219 | #define SSL_R_SHORT_READ				 219 | ||||||
| #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE	 220 | #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE	 220 | ||||||
| #define SSL_R_SSL23_DOING_SESSION_ID_REUSE		 221 | #define SSL_R_SSL23_DOING_SESSION_ID_REUSE		 221 | ||||||
|  | #define SSL_R_SSL3_SESSION_ID_TOO_LONG			 1113 | ||||||
| #define SSL_R_SSL3_SESSION_ID_TOO_SHORT			 222 | #define SSL_R_SSL3_SESSION_ID_TOO_SHORT			 222 | ||||||
| #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE		 1042 | #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE		 1042 | ||||||
| #define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC		 1020 | #define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC		 1020 | ||||||
|   | |||||||
| @@ -62,6 +62,7 @@ | |||||||
| #include <openssl/asn1_mac.h> | #include <openssl/asn1_mac.h> | ||||||
| #include <openssl/objects.h> | #include <openssl/objects.h> | ||||||
| #include <openssl/x509.h> | #include <openssl/x509.h> | ||||||
|  | #include "cryptlib.h" | ||||||
|  |  | ||||||
| typedef struct ssl_session_asn1_st | typedef struct ssl_session_asn1_st | ||||||
| 	{ | 	{ | ||||||
| @@ -296,6 +297,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp, | |||||||
| 		os.length=i; | 		os.length=i; | ||||||
|  |  | ||||||
| 	ret->session_id_length=os.length; | 	ret->session_id_length=os.length; | ||||||
|  | 	die(os.length <= sizeof ret->session_id); | ||||||
| 	memcpy(ret->session_id,os.data,os.length); | 	memcpy(ret->session_id,os.data,os.length); | ||||||
|  |  | ||||||
| 	M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING); | 	M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING); | ||||||
|   | |||||||
| @@ -1,6 +1,6 @@ | |||||||
| /* ssl/ssl_err.c */ | /* ssl/ssl_err.c */ | ||||||
| /* ==================================================================== | /* ==================================================================== | ||||||
|  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved. |  * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved. | ||||||
|  * |  * | ||||||
|  * Redistribution and use in source and binary forms, with or without |  * Redistribution and use in source and binary forms, with or without | ||||||
|  * modification, are permitted provided that the following conditions |  * modification, are permitted provided that the following conditions | ||||||
| @@ -275,6 +275,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= | |||||||
| {SSL_R_INVALID_COMMAND                   ,"invalid command"}, | {SSL_R_INVALID_COMMAND                   ,"invalid command"}, | ||||||
| {SSL_R_INVALID_PURPOSE                   ,"invalid purpose"}, | {SSL_R_INVALID_PURPOSE                   ,"invalid purpose"}, | ||||||
| {SSL_R_INVALID_TRUST                     ,"invalid trust"}, | {SSL_R_INVALID_TRUST                     ,"invalid trust"}, | ||||||
|  | {SSL_R_KEY_ARG_TOO_LONG                  ,"key arg too long"}, | ||||||
| {SSL_R_KRB5                              ,"krb5"}, | {SSL_R_KRB5                              ,"krb5"}, | ||||||
| {SSL_R_KRB5_C_CC_PRINC                   ,"krb5 client cc principal (no tkt?)"}, | {SSL_R_KRB5_C_CC_PRINC                   ,"krb5 client cc principal (no tkt?)"}, | ||||||
| {SSL_R_KRB5_C_GET_CRED                   ,"krb5 client get cred"}, | {SSL_R_KRB5_C_GET_CRED                   ,"krb5 client get cred"}, | ||||||
| @@ -354,6 +355,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= | |||||||
| {SSL_R_SHORT_READ                        ,"short read"}, | {SSL_R_SHORT_READ                        ,"short read"}, | ||||||
| {SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"}, | {SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"}, | ||||||
| {SSL_R_SSL23_DOING_SESSION_ID_REUSE      ,"ssl23 doing session id reuse"}, | {SSL_R_SSL23_DOING_SESSION_ID_REUSE      ,"ssl23 doing session id reuse"}, | ||||||
|  | {SSL_R_SSL3_SESSION_ID_TOO_LONG          ,"ssl3 session id too long"}, | ||||||
| {SSL_R_SSL3_SESSION_ID_TOO_SHORT         ,"ssl3 session id too short"}, | {SSL_R_SSL3_SESSION_ID_TOO_SHORT         ,"ssl3 session id too short"}, | ||||||
| {SSL_R_SSLV3_ALERT_BAD_CERTIFICATE       ,"sslv3 alert bad certificate"}, | {SSL_R_SSLV3_ALERT_BAD_CERTIFICATE       ,"sslv3 alert bad certificate"}, | ||||||
| {SSL_R_SSLV3_ALERT_BAD_RECORD_MAC        ,"sslv3 alert bad record mac"}, | {SSL_R_SSLV3_ALERT_BAD_RECORD_MAC        ,"sslv3 alert bad record mac"}, | ||||||
|   | |||||||
| @@ -60,6 +60,7 @@ | |||||||
| #include <openssl/lhash.h> | #include <openssl/lhash.h> | ||||||
| #include <openssl/rand.h> | #include <openssl/rand.h> | ||||||
| #include "ssl_locl.h" | #include "ssl_locl.h" | ||||||
|  | #include "cryptlib.h" | ||||||
|  |  | ||||||
| static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s); | static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s); | ||||||
| static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s); | static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s); | ||||||
| @@ -250,6 +251,7 @@ int ssl_get_new_session(SSL *s, int session) | |||||||
| 		ss->session_id_length=0; | 		ss->session_id_length=0; | ||||||
| 		} | 		} | ||||||
|  |  | ||||||
|  | 	die(s->sid_ctx_length <= sizeof ss->sid_ctx); | ||||||
| 	memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length); | 	memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length); | ||||||
| 	ss->sid_ctx_length=s->sid_ctx_length; | 	ss->sid_ctx_length=s->sid_ctx_length; | ||||||
| 	s->session=ss; | 	s->session=ss; | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user
	 Lutz Jänicke
					Lutz Jänicke