summaryrefslogtreecommitdiffstats
path: root/crypto
diff options
context:
space:
mode:
authornectar <nectar@FreeBSD.org>2002-07-30 13:58:53 +0000
committernectar <nectar@FreeBSD.org>2002-07-30 13:58:53 +0000
commit9b13f71feea604d9bc5c7ef9513249394d8dc259 (patch)
tree9bcff53ee9874b102b5ae3130c375dbd20728dbd /crypto
parent9b2d8504539be7c47e0a668f28f683954960e251 (diff)
downloadFreeBSD-src-9b13f71feea604d9bc5c7ef9513249394d8dc259.zip
FreeBSD-src-9b13f71feea604d9bc5c7ef9513249394d8dc259.tar.gz
Resolve conflicts after import of OpenSSL 0.9.6e.
Diffstat (limited to 'crypto')
-rw-r--r--crypto/openssl/crypto/des/des.h2
-rw-r--r--crypto/openssl/crypto/evp/evp.h2
-rw-r--r--crypto/openssl/crypto/rsa/rsa_eay.c2
-rw-r--r--crypto/openssl/ssl/s2_clnt.c11
-rw-r--r--crypto/openssl/ssl/s2_lib.c10
-rw-r--r--crypto/openssl/ssl/s2_srvr.c17
6 files changed, 36 insertions, 8 deletions
diff --git a/crypto/openssl/crypto/des/des.h b/crypto/openssl/crypto/des/des.h
index 5b5064a..e254c2a 100644
--- a/crypto/openssl/crypto/des/des.h
+++ b/crypto/openssl/crypto/des/des.h
@@ -190,7 +190,7 @@ int des_enc_write(int fd,const void *buf,int len,des_key_schedule sched,
des_cblock *iv);
char *des_fcrypt(const char *buf,const char *salt, char *ret);
char *des_crypt(const char *buf,const char *salt);
-#if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT)
+#if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT) && !defined(_UWIN)
char *crypt(const char *buf,const char *salt);
#endif
void des_ofb_encrypt(const unsigned char *in,unsigned char *out,int numbits,
diff --git a/crypto/openssl/crypto/evp/evp.h b/crypto/openssl/crypto/evp/evp.h
index b7acdf3..e22089a 100644
--- a/crypto/openssl/crypto/evp/evp.h
+++ b/crypto/openssl/crypto/evp/evp.h
@@ -230,7 +230,7 @@ typedef struct evp_pkey_md_st
EVP_rsa_octet_string(),EVP_mdc2())
#define EVP_dsa_sha() \
EVP_PKEY_MD_add(NID_dsaWithSHA,\
- EVP_dsa(),EVP_mdc2())
+ EVP_dsa(),EVP_sha())
#define EVP_dsa_sha1() \
EVP_PKEY_MD_add(NID_dsaWithSHA1,\
EVP_dsa(),EVP_sha1())
diff --git a/crypto/openssl/crypto/rsa/rsa_eay.c b/crypto/openssl/crypto/rsa/rsa_eay.c
index 49cbd73..e861a49 100644
--- a/crypto/openssl/crypto/rsa/rsa_eay.c
+++ b/crypto/openssl/crypto/rsa/rsa_eay.c
@@ -477,10 +477,10 @@ static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
int ret=0;
BN_CTX *ctx;
- if ((ctx=BN_CTX_new()) == NULL) goto err;
BN_init(&m1);
BN_init(&r1);
BN_init(&vrfy);
+ if ((ctx=BN_CTX_new()) == NULL) goto err;
if (rsa->flags & RSA_FLAG_CACHE_PRIVATE)
{
diff --git a/crypto/openssl/ssl/s2_clnt.c b/crypto/openssl/ssl/s2_clnt.c
index 4ea0023..5f83570 100644
--- a/crypto/openssl/ssl/s2_clnt.c
+++ b/crypto/openssl/ssl/s2_clnt.c
@@ -54,8 +54,6 @@
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
- *
- * $FreeBSD$
*/
/* ====================================================================
* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
@@ -109,6 +107,7 @@
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
+ * $FreeBSD$
*/
#include "ssl_locl.h"
@@ -118,6 +117,7 @@
#include <openssl/buffer.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
+#include "cryptlib.h"
static SSL_METHOD *ssl2_get_client_method(int ver);
static int get_server_finished(SSL *s);
@@ -519,6 +519,7 @@ static int get_server_hello(SSL *s)
}
s->s2->conn_id_length=s->s2->tmp.conn_id_length;
+ die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length);
return(1);
}
@@ -620,6 +621,7 @@ static int client_master_key(SSL *s)
/* make key_arg data */
i=EVP_CIPHER_iv_length(c);
sess->key_arg_length=i;
+ die(i <= SSL_MAX_KEY_ARG_LENGTH);
if (i > 0) RAND_pseudo_bytes(sess->key_arg,i);
/* make a master key */
@@ -627,6 +629,7 @@ static int client_master_key(SSL *s)
sess->master_key_length=i;
if (i > 0)
{
+ die(i <= sizeof sess->master_key);
if (RAND_bytes(sess->master_key,i) <= 0)
{
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
@@ -670,6 +673,7 @@ static int client_master_key(SSL *s)
d+=enc;
karg=sess->key_arg_length;
s2n(karg,p); /* key arg size */
+ die(karg <= sizeof sess->key_arg);
memcpy(d,sess->key_arg,(unsigned int)karg);
d+=karg;
@@ -690,6 +694,7 @@ static int client_finished(SSL *s)
{
p=(unsigned char *)s->init_buf->data;
*(p++)=SSL2_MT_CLIENT_FINISHED;
+ die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length);
s->state=SSL2_ST_SEND_CLIENT_FINISHED_B;
@@ -946,6 +951,8 @@ static int get_server_finished(SSL *s)
{
if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))
{
+ die(s->session->session_id_length
+ <= sizeof s->session->session_id);
if (memcmp(buf,s->session->session_id,
(unsigned int)s->session->session_id_length) != 0)
{
diff --git a/crypto/openssl/ssl/s2_lib.c b/crypto/openssl/ssl/s2_lib.c
index a524dab..5f8d7b1 100644
--- a/crypto/openssl/ssl/s2_lib.c
+++ b/crypto/openssl/ssl/s2_lib.c
@@ -64,6 +64,7 @@
#include <openssl/rsa.h>
#include <openssl/objects.h>
#include <openssl/md5.h>
+#include "cryptlib.h"
static long ssl2_default_timeout(void );
const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT;
@@ -78,7 +79,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
SSL2_TXT_NULL_WITH_MD5,
SSL2_CK_NULL_WITH_MD5,
SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_MD5|SSL_SSLV2,
- SSL_EXPORT|SSL_EXP40,
+ SSL_EXPORT|SSL_EXP40|SSL_STRONG_NONE,
+ 0,
0,
0,
SSL_ALL_CIPHERS,
@@ -198,6 +200,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
SSL2_TXT_NULL,
SSL2_CK_NULL,
0,
+ SSL_STRONG_NONE,
0,
0,
0,
@@ -427,10 +430,14 @@ void ssl2_generate_key_material(SSL *s)
#endif
km=s->s2->key_material;
+ die(s->s2->key_material_length <= sizeof s->s2->key_material);
for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH)
{
MD5_Init(&ctx);
+ die(s->session->master_key_length >= 0
+ && s->session->master_key_length
+ < sizeof s->session->master_key);
MD5_Update(&ctx,s->session->master_key,s->session->master_key_length);
MD5_Update(&ctx,&c,1);
c++;
@@ -465,6 +472,7 @@ void ssl2_write_error(SSL *s)
/* state=s->rwstate;*/
error=s->error;
s->error=0;
+ die(error >= 0 && error <= 3);
i=ssl2_write(s,&(buf[3-error]),error);
/* if (i == error) s->rwstate=state; */
diff --git a/crypto/openssl/ssl/s2_srvr.c b/crypto/openssl/ssl/s2_srvr.c
index 5897d00..b725800 100644
--- a/crypto/openssl/ssl/s2_srvr.c
+++ b/crypto/openssl/ssl/s2_srvr.c
@@ -54,8 +54,6 @@
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
- *
- * $FreeBSD$
*/
/* ====================================================================
* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
@@ -109,6 +107,7 @@
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
+ * $FreeBSD$
*/
#include "ssl_locl.h"
@@ -118,6 +117,7 @@
#include <openssl/rand.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
+#include "cryptlib.h"
static SSL_METHOD *ssl2_get_server_method(int ver);
static int get_client_master_key(SSL *s);
@@ -419,11 +419,18 @@ static int get_client_master_key(SSL *s)
n2s(p,i); s->s2->tmp.clear=i;
n2s(p,i); s->s2->tmp.enc=i;
n2s(p,i); s->session->key_arg_length=i;
+ if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH)
+ {
+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
+ SSL_R_KEY_ARG_TOO_LONG);
+ return -1;
+ }
s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B;
}
/* SSL2_ST_GET_CLIENT_MASTER_KEY_B */
p=(unsigned char *)s->init_buf->data;
+ die(s->init_buf->length >= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER);
keya=s->session->key_arg_length;
len = 10 + (unsigned long)s->s2->tmp.clear + (unsigned long)s->s2->tmp.enc + (unsigned long)keya;
if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
@@ -504,6 +511,7 @@ static int get_client_master_key(SSL *s)
#endif
if (is_export) i+=s->s2->tmp.clear;
+ die(i <= SSL_MAX_MASTER_KEY_LENGTH);
s->session->master_key_length=i;
memcpy(s->session->master_key,p,(unsigned int)i);
return(1);
@@ -651,6 +659,7 @@ static int get_client_hello(SSL *s)
p+=s->s2->tmp.session_id_length;
/* challenge */
+ die(s->s2->challenge_length <= sizeof s->s2->challenge);
memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length);
return(1);
mem_err:
@@ -802,6 +811,7 @@ static int get_client_finished(SSL *s)
}
/* SSL2_ST_GET_CLIENT_FINISHED_B */
+ die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
len = 1 + (unsigned long)s->s2->conn_id_length;
n = (int)len - s->init_num;
i = ssl2_read(s,(char *)&(p[s->init_num]),n);
@@ -827,6 +837,7 @@ static int server_verify(SSL *s)
{
p=(unsigned char *)s->init_buf->data;
*(p++)=SSL2_MT_SERVER_VERIFY;
+ die(s->s2->challenge_length <= sizeof s->s2->challenge);
memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length);
/* p+=s->s2->challenge_length; */
@@ -846,6 +857,8 @@ static int server_finish(SSL *s)
p=(unsigned char *)s->init_buf->data;
*(p++)=SSL2_MT_SERVER_FINISHED;
+ die(s->session->session_id_length
+ <= sizeof s->session->session_id);
memcpy(p,s->session->session_id,
(unsigned int)s->session->session_id_length);
/* p+=s->session->session_id_length; */
OpenPOWER on IntegriCloud