author | nectar <nectar@FreeBSD.org> | 2002-07-30 13:58:53 +0000 |
---|---|---|
committer | nectar <nectar@FreeBSD.org> | 2002-07-30 13:58:53 +0000 |
commit | 9b13f71feea604d9bc5c7ef9513249394d8dc259 (patch) | |
tree | 9bcff53ee9874b102b5ae3130c375dbd20728dbd /crypto | |
parent | 9b2d8504539be7c47e0a668f28f683954960e251 (diff) | |
Resolve conflicts after import of OpenSSL 0.9.6e.
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/openssl/crypto/des/des.h | 2 | ||||
-rw-r--r-- | crypto/openssl/crypto/evp/evp.h | 2 | ||||
-rw-r--r-- | crypto/openssl/crypto/rsa/rsa_eay.c | 2 | ||||
-rw-r--r-- | crypto/openssl/ssl/s2_clnt.c | 11 | ||||
-rw-r--r-- | crypto/openssl/ssl/s2_lib.c | 10 | ||||
-rw-r--r-- | crypto/openssl/ssl/s2_srvr.c | 17 |
6 files changed, 36 insertions, 8 deletions
diff --git a/crypto/openssl/crypto/des/des.h b/crypto/openssl/crypto/des/des.h index 5b5064a..e254c2a 100644 --- a/crypto/openssl/crypto/des/des.h +++ b/crypto/openssl/crypto/des/des.h @@ -190,7 +190,7 @@ int des_enc_write(int fd,const void *buf,int len,des_key_schedule sched, des_cblock *iv); char *des_fcrypt(const char *buf,const char *salt, char *ret); char *des_crypt(const char *buf,const char *salt); -#if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT) +#if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT) && !defined(_UWIN) char *crypt(const char *buf,const char *salt); #endif void des_ofb_encrypt(const unsigned char *in,unsigned char *out,int numbits, diff --git a/crypto/openssl/crypto/evp/evp.h b/crypto/openssl/crypto/evp/evp.h index b7acdf3..e22089a 100644 --- a/crypto/openssl/crypto/evp/evp.h +++ b/crypto/openssl/crypto/evp/evp.h @@ -230,7 +230,7 @@ typedef struct evp_pkey_md_st EVP_rsa_octet_string(),EVP_mdc2()) #define EVP_dsa_sha() \ EVP_PKEY_MD_add(NID_dsaWithSHA,\ - EVP_dsa(),EVP_mdc2()) + EVP_dsa(),EVP_sha()) #define EVP_dsa_sha1() \ EVP_PKEY_MD_add(NID_dsaWithSHA1,\ EVP_dsa(),EVP_sha1()) diff --git a/crypto/openssl/crypto/rsa/rsa_eay.c b/crypto/openssl/crypto/rsa/rsa_eay.c index 49cbd73..e861a49 100644 --- a/crypto/openssl/crypto/rsa/rsa_eay.c +++ b/crypto/openssl/crypto/rsa/rsa_eay.c @@ -477,10 +477,10 @@ static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa) int ret=0; BN_CTX *ctx; - if ((ctx=BN_CTX_new()) == NULL) goto err; BN_init(&m1); BN_init(&r1); BN_init(&vrfy); + if ((ctx=BN_CTX_new()) == NULL) goto err; if (rsa->flags & RSA_FLAG_CACHE_PRIVATE) { diff --git a/crypto/openssl/ssl/s2_clnt.c b/crypto/openssl/ssl/s2_clnt.c index 4ea0023..5f83570 100644 --- a/crypto/openssl/ssl/s2_clnt.c +++ b/crypto/openssl/ssl/s2_clnt.c 
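Review bot: In RSA_eay_mod_exp (crypto/openssl/crypto/rsa/rsa_eay.c) the new ordering, `BN_init` on all three temporaries before `BN_CTX_new()`, is load-bearing but nothing in the code says so. The function's `err:` path lies outside the hunk; presumably it clears `m1`, `r1` and `vrfy`, which is why a failed allocation must not jump there before they are initialised. A comment above the three calls, such as `/* initialise before the first goto err: cleanup touches m1, r1, vrfy */`, would keep a later edit from moving the allocation back up. It is also worth confirming that the cleanup path tolerates `ctx == NULL`, since that is the state in which it is now reached.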
@@ -54,8 +54,6 @@ * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] - * - * $FreeBSD$ */ /* ==================================================================== * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. @@ -109,6 +107,7 @@ * (eay@cryptsoft.com). This product includes software written by Tim * Hudson (tjh@cryptsoft.com). * + * $FreeBSD$ */ #include "ssl_locl.h" @@ -118,6 +117,7 @@ #include <openssl/buffer.h> #include <openssl/objects.h> #include <openssl/evp.h> +#include "cryptlib.h" static SSL_METHOD *ssl2_get_client_method(int ver); static int get_server_finished(SSL *s); @@ -519,6 +519,7 @@ static int get_server_hello(SSL *s) } s->s2->conn_id_length=s->s2->tmp.conn_id_length; + die(s->s2->conn_id_length <= sizeof s->s2->conn_id); memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length); return(1); } @@ -620,6 +621,7 @@ static int client_master_key(SSL *s) /* make key_arg data */ i=EVP_CIPHER_iv_length(c); sess->key_arg_length=i; + die(i <= SSL_MAX_KEY_ARG_LENGTH); if (i > 0) RAND_pseudo_bytes(sess->key_arg,i); /* make a master key */ @@ -627,6 +629,7 @@ static int client_master_key(SSL *s) sess->master_key_length=i; if (i > 0) { + die(i <= sizeof sess->master_key); if (RAND_bytes(sess->master_key,i) <= 0) { ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); @@ -670,6 +673,7 @@ static int client_master_key(SSL *s) d+=enc; karg=sess->key_arg_length; s2n(karg,p); /* key arg size */ + die(karg <= sizeof sess->key_arg); memcpy(d,sess->key_arg,(unsigned int)karg); d+=karg; @@ -690,6 +694,7 @@ static int client_finished(SSL *s) { p=(unsigned char *)s->init_buf->data; *(p++)=SSL2_MT_CLIENT_FINISHED; + die(s->s2->conn_id_length <= sizeof s->s2->conn_id); memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length); s->state=SSL2_ST_SEND_CLIENT_FINISHED_B; 
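Review bot: In get_server_hello, `die(s->s2->conn_id_length <= sizeof s->s2->conn_id)` checks a length that was just copied from `s->s2->tmp.conn_id_length`, which appears to come from the peer's hello message (the parsing is outside the hunk). `die()` comes from cryptlib.h, which is not shown; if it aborts the process, a malformed hello becomes a crash of the whole application rather than a failed handshake. An error return would contain it: `if (s->s2->conn_id_length > sizeof s->s2->conn_id) { ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); return(-1); }`. The same applies in s2_srvr.c to `die(i <= SSL_MAX_MASTER_KEY_LENGTH)` in get_client_master_key and `die(s->s2->challenge_length <= sizeof s->s2->challenge)` in get_client_hello. The remaining `die()` calls in this file guard locally produced values and read as assertions.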
@@ -946,6 +951,8 @@ static int get_server_finished(SSL *s) { if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG)) { + die(s->session->session_id_length + <= sizeof s->session->session_id); if (memcmp(buf,s->session->session_id, (unsigned int)s->session->session_id_length) != 0) { diff --git a/crypto/openssl/ssl/s2_lib.c b/crypto/openssl/ssl/s2_lib.c index a524dab..5f8d7b1 100644 --- a/crypto/openssl/ssl/s2_lib.c +++ b/crypto/openssl/ssl/s2_lib.c @@ -64,6 +64,7 @@ #include <openssl/rsa.h> #include <openssl/objects.h> #include <openssl/md5.h> +#include "cryptlib.h" static long ssl2_default_timeout(void ); const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT; @@ -78,7 +79,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={ SSL2_TXT_NULL_WITH_MD5, SSL2_CK_NULL_WITH_MD5, SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_MD5|SSL_SSLV2, - SSL_EXPORT|SSL_EXP40, + SSL_EXPORT|SSL_EXP40|SSL_STRONG_NONE, + 0, 0, 0, SSL_ALL_CIPHERS, @@ -198,6 +200,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={ SSL2_TXT_NULL, SSL2_CK_NULL, 0, + SSL_STRONG_NONE, 0, 0, 0, @@ -427,10 +430,14 @@ void ssl2_generate_key_material(SSL *s) #endif km=s->s2->key_material; + die(s->s2->key_material_length <= sizeof s->s2->key_material); for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH) { MD5_Init(&ctx); + die(s->session->master_key_length >= 0 + && s->session->master_key_length + < sizeof s->session->master_key); MD5_Update(&ctx,s->session->master_key,s->session->master_key_length); MD5_Update(&ctx,&c,1); c++; @@ -465,6 +472,7 @@ void ssl2_write_error(SSL *s) /* state=s->rwstate;*/ error=s->error; s->error=0; + die(error >= 0 && error <= 3); i=ssl2_write(s,&(buf[3-error]),error); /* if (i == error) s->rwstate=state; */ diff --git a/crypto/openssl/ssl/s2_srvr.c b/crypto/openssl/ssl/s2_srvr.c index 5897d00..b725800 100644 --- a/crypto/openssl/ssl/s2_srvr.c +++ b/crypto/openssl/ssl/s2_srvr.c 
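Review bot: In ssl2_generate_key_material (s2_lib.c) the master-key check uses `<` where the other master-key bounds added by this commit use `<=` (`die(i <= sizeof sess->master_key)` in client_master_key, `die(i <= SSL_MAX_MASTER_KEY_LENGTH)` in get_client_master_key), so a key that exactly fills `master_key` passes there and fails here. If the strict bound is intended it needs a comment saying why; otherwise the last clause should read `&& s->session->master_key_length <= sizeof s->session->master_key);`. The check is also loop-invariant and could sit beside the `key_material_length` check before the `for`. The loop body continues outside the hunk.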
@@ -54,8 +54,6 @@ * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] - * - * $FreeBSD$ */ /* ==================================================================== * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. @@ -109,6 +107,7 @@ * (eay@cryptsoft.com). This product includes software written by Tim * Hudson (tjh@cryptsoft.com). * + * $FreeBSD$ */ #include "ssl_locl.h" @@ -118,6 +117,7 @@ #include <openssl/rand.h> #include <openssl/objects.h> #include <openssl/evp.h> +#include "cryptlib.h" static SSL_METHOD *ssl2_get_server_method(int ver); static int get_client_master_key(SSL *s); @@ -419,11 +419,18 @@ static int get_client_master_key(SSL *s) n2s(p,i); s->s2->tmp.clear=i; n2s(p,i); s->s2->tmp.enc=i; n2s(p,i); s->session->key_arg_length=i; + if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH) + { + SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, + SSL_R_KEY_ARG_TOO_LONG); + return -1; + } s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B; } /* SSL2_ST_GET_CLIENT_MASTER_KEY_B */ p=(unsigned char *)s->init_buf->data; + die(s->init_buf->length >= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER); keya=s->session->key_arg_length; len = 10 + (unsigned long)s->s2->tmp.clear + (unsigned long)s->s2->tmp.enc + (unsigned long)keya; if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) @@ -504,6 +511,7 @@ static int get_client_master_key(SSL *s) #endif if (is_export) i+=s->s2->tmp.clear; + die(i <= SSL_MAX_MASTER_KEY_LENGTH); s->session->master_key_length=i; memcpy(s->session->master_key,p,(unsigned int)i); return(1); @@ -651,6 +659,7 @@ static int get_client_hello(SSL *s) p+=s->s2->tmp.session_id_length; /* challenge */ + die(s->s2->challenge_length <= sizeof s->s2->challenge); memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length); return(1); mem_err: 
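Review bot: The new `key_arg_length` rejection in get_client_master_key records `SSL_R_KEY_ARG_TOO_LONG` and returns -1 without notifying the peer, whereas the failure path visible in client_master_key (s2_clnt.c) calls `ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR)` before bailing out. If the other error exits of this function do the same (they are outside the hunk), add `ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);` ahead of the `SSLerr` call so the handshake fails consistently. Separately, `die(s->init_buf->length >= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)` encodes an assumption about how `init_buf` was sized elsewhere; a one-line comment naming where that allocation happens would make the assertion checkable by a reader.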
@@ -802,6 +811,7 @@ static int get_client_finished(SSL *s) } /* SSL2_ST_GET_CLIENT_FINISHED_B */ + die(s->s2->conn_id_length <= sizeof s->s2->conn_id); len = 1 + (unsigned long)s->s2->conn_id_length; n = (int)len - s->init_num; i = ssl2_read(s,(char *)&(p[s->init_num]),n); @@ -827,6 +837,7 @@ static int server_verify(SSL *s) { p=(unsigned char *)s->init_buf->data; *(p++)=SSL2_MT_SERVER_VERIFY; + die(s->s2->challenge_length <= sizeof s->s2->challenge); memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length); /* p+=s->s2->challenge_length; */ @@ -846,6 +857,8 @@ static int server_finish(SSL *s) p=(unsigned char *)s->init_buf->data; *(p++)=SSL2_MT_SERVER_FINISHED; + die(s->session->session_id_length + <= sizeof s->session->session_id); memcpy(p,s->session->session_id, (unsigned int)s->session->session_id_length); /* p+=s->session->session_id_length; */ |