summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorbz <bz@FreeBSD.org>2012-05-30 12:01:28 +0000
committerbz <bz@FreeBSD.org>2012-05-30 12:01:28 +0000
commitd2e144fbe85bda158b8f8dc37eefdec358d88107 (patch)
tree65737bc2effe2c9fe69b85d98c9b789db453e3d5
parentabc1dafefabb78b40381e8df4b7dc98089ce60e0 (diff)
downloadFreeBSD-src-d2e144fbe85bda158b8f8dc37eefdec358d88107.zip
FreeBSD-src-d2e144fbe85bda158b8f8dc37eefdec358d88107.tar.gz
Update the previous openssl fix. [12:01]
Fix a bug in crypt(3) ignoring characters of a passphrase. [12:02] Security: FreeBSD-SA-12:01.openssl (revised) Security: FreeBSD-SA-12:02.crypt Approved by: so (bz, simon)
-rw-r--r--crypto/openssl/crypto/buffer/buffer.c2
-rw-r--r--crypto/openssl/ssl/s3_srvr.c15
-rw-r--r--secure/lib/libcrypt/crypt-des.c2
3 files changed, 9 insertions, 10 deletions
diff --git a/crypto/openssl/crypto/buffer/buffer.c b/crypto/openssl/crypto/buffer/buffer.c
index 0335d48..3b4c79f 100644
--- a/crypto/openssl/crypto/buffer/buffer.c
+++ b/crypto/openssl/crypto/buffer/buffer.c
@@ -166,7 +166,7 @@ int BUF_MEM_grow_clean(BUF_MEM *str, int len)
/* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */
if (len > LIMIT_BEFORE_EXPANSION)
{
- BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE);
+ BUFerr(BUF_F_BUF_MEM_GROW_CLEAN,ERR_R_MALLOC_FAILURE);
return 0;
}
n=(len+3)/3*4;
diff --git a/crypto/openssl/ssl/s3_srvr.c b/crypto/openssl/ssl/s3_srvr.c
index 24e4991..36d929b 100644
--- a/crypto/openssl/ssl/s3_srvr.c
+++ b/crypto/openssl/ssl/s3_srvr.c
@@ -698,14 +698,6 @@ int ssl3_check_client_hello(SSL *s)
int ok;
long n;
- /* We only allow the client to restart the handshake once per
- * negotiation. */
- if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE)
- {
- SSLerr(SSL_F_SSL3_CHECK_CLIENT_HELLO, SSL_R_MULTIPLE_SGC_RESTARTS);
- return -1;
- }
-
/* this function is called when we really expect a Certificate message,
* so permit appropriate message length */
n=s->method->ssl_get_message(s,
@@ -718,6 +710,13 @@ int ssl3_check_client_hello(SSL *s)
s->s3->tmp.reuse_message = 1;
if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO)
{
+ /* We only allow the client to restart the handshake once per
+ * negotiation. */
+ if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE)
+ {
+ SSLerr(SSL_F_SSL3_CHECK_CLIENT_HELLO, SSL_R_MULTIPLE_SGC_RESTARTS);
+ return -1;
+ }
/* Throw away what we have done so far in the current handshake,
* which will now be aborted. (A full SSL_clear would be too much.) */
#ifndef OPENSSL_NO_DH
diff --git a/secure/lib/libcrypt/crypt-des.c b/secure/lib/libcrypt/crypt-des.c
index 9adff93..6bb9bc0 100644
--- a/secure/lib/libcrypt/crypt-des.c
+++ b/secure/lib/libcrypt/crypt-des.c
@@ -606,7 +606,7 @@ crypt_des(const char *key, const char *setting)
q = (u_char *)keybuf;
while (q - (u_char *)keybuf - 8) {
*q++ = *key << 1;
- if (*(q - 1))
+ if (*key != '\0')
key++;
}
if (des_setkey((char *)keybuf))
OpenPOWER on IntegriCloud