From 9b13f71feea604d9bc5c7ef9513249394d8dc259 Mon Sep 17 00:00:00 2001
From: nectar <nectar@FreeBSD.org>
Date: Tue, 30 Jul 2002 13:58:53 +0000
Subject: Resolve conflicts after import of OpenSSL 0.9.6e.

---
 crypto/openssl/crypto/des/des.h     |  2 +-
 crypto/openssl/crypto/evp/evp.h     |  2 +-
 crypto/openssl/crypto/rsa/rsa_eay.c |  2 +-
 crypto/openssl/ssl/s2_clnt.c        | 11 +++++++++--
 crypto/openssl/ssl/s2_lib.c         | 10 +++++++++-
 crypto/openssl/ssl/s2_srvr.c        | 17 +++++++++++++++--
 6 files changed, 36 insertions(+), 8 deletions(-)

(limited to 'crypto')

diff --git a/crypto/openssl/crypto/des/des.h b/crypto/openssl/crypto/des/des.h
index 5b5064a..e254c2a 100644
--- a/crypto/openssl/crypto/des/des.h
+++ b/crypto/openssl/crypto/des/des.h
@@ -190,7 +190,7 @@ int des_enc_write(int fd,const void *buf,int len,des_key_schedule sched,
 		  des_cblock *iv);
 char *des_fcrypt(const char *buf,const char *salt, char *ret);
 char *des_crypt(const char *buf,const char *salt);
-#if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT)
+#if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT) && !defined(_UWIN)
 char *crypt(const char *buf,const char *salt);
 #endif
 void des_ofb_encrypt(const unsigned char *in,unsigned char *out,int numbits,
diff --git a/crypto/openssl/crypto/evp/evp.h b/crypto/openssl/crypto/evp/evp.h
index b7acdf3..e22089a 100644
--- a/crypto/openssl/crypto/evp/evp.h
+++ b/crypto/openssl/crypto/evp/evp.h
@@ -230,7 +230,7 @@ typedef struct evp_pkey_md_st
 			EVP_rsa_octet_string(),EVP_mdc2())
 #define EVP_dsa_sha() \
 		EVP_PKEY_MD_add(NID_dsaWithSHA,\
-			EVP_dsa(),EVP_mdc2())
+			EVP_dsa(),EVP_sha())
 #define EVP_dsa_sha1() \
 		EVP_PKEY_MD_add(NID_dsaWithSHA1,\
 			EVP_dsa(),EVP_sha1())
diff --git a/crypto/openssl/crypto/rsa/rsa_eay.c b/crypto/openssl/crypto/rsa/rsa_eay.c
index 49cbd73..e861a49 100644
--- a/crypto/openssl/crypto/rsa/rsa_eay.c
+++ b/crypto/openssl/crypto/rsa/rsa_eay.c
@@ -477,10 +477,10 @@ static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
 	int ret=0;
 	BN_CTX *ctx;
 
-	if ((ctx=BN_CTX_new()) == NULL) goto err;
 	BN_init(&m1);
 	BN_init(&r1);
 	BN_init(&vrfy);
+	if ((ctx=BN_CTX_new()) == NULL) goto err;
 
 	if (rsa->flags & RSA_FLAG_CACHE_PRIVATE)
 		{
diff --git a/crypto/openssl/ssl/s2_clnt.c b/crypto/openssl/ssl/s2_clnt.c
index 4ea0023..5f83570 100644
--- a/crypto/openssl/ssl/s2_clnt.c
+++ b/crypto/openssl/ssl/s2_clnt.c
@@ -54,8 +54,6 @@
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
- *
- * $FreeBSD$
  */
 /* ====================================================================
  * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
@@ -109,6 +107,7 @@
  * (eay@cryptsoft.com).  This product includes software written by Tim
  * Hudson (tjh@cryptsoft.com).
  *
+ * $FreeBSD$
  */
 
 #include "ssl_locl.h"
@@ -118,6 +117,7 @@
 #include <openssl/buffer.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
+#include "cryptlib.h"
 
 static SSL_METHOD *ssl2_get_client_method(int ver);
 static int get_server_finished(SSL *s);
@@ -519,6 +519,7 @@ static int get_server_hello(SSL *s)
 		}
 		
 	s->s2->conn_id_length=s->s2->tmp.conn_id_length;
+	die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
 	memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length);
 	return(1);
 	}
@@ -620,6 +621,7 @@ static int client_master_key(SSL *s)
 		/* make key_arg data */
 		i=EVP_CIPHER_iv_length(c);
 		sess->key_arg_length=i;
+		die(i <= SSL_MAX_KEY_ARG_LENGTH);
 		if (i > 0) RAND_pseudo_bytes(sess->key_arg,i);
 
 		/* make a master key */
@@ -627,6 +629,7 @@ static int client_master_key(SSL *s)
 		sess->master_key_length=i;
 		if (i > 0)
 			{
+			die(i <= sizeof sess->master_key);
 			if (RAND_bytes(sess->master_key,i) <= 0)
 				{
 				ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
@@ -670,6 +673,7 @@ static int client_master_key(SSL *s)
 		d+=enc;
 		karg=sess->key_arg_length;	
 		s2n(karg,p); /* key arg size */
+		die(karg <= sizeof sess->key_arg);
 		memcpy(d,sess->key_arg,(unsigned int)karg);
 		d+=karg;
 
@@ -690,6 +694,7 @@ static int client_finished(SSL *s)
 		{
 		p=(unsigned char *)s->init_buf->data;
 		*(p++)=SSL2_MT_CLIENT_FINISHED;
+		die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
 		memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length);
 
 		s->state=SSL2_ST_SEND_CLIENT_FINISHED_B;
@@ -946,6 +951,8 @@ static int get_server_finished(SSL *s)
 		{
 		if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))
 			{
+			die(s->session->session_id_length
+			    <= sizeof s->session->session_id);
 			if (memcmp(buf,s->session->session_id,
 				(unsigned int)s->session->session_id_length) != 0)
 				{
diff --git a/crypto/openssl/ssl/s2_lib.c b/crypto/openssl/ssl/s2_lib.c
index a524dab..5f8d7b1 100644
--- a/crypto/openssl/ssl/s2_lib.c
+++ b/crypto/openssl/ssl/s2_lib.c
@@ -64,6 +64,7 @@
 #include <openssl/rsa.h>
 #include <openssl/objects.h>
 #include <openssl/md5.h>
+#include "cryptlib.h"
 
 static long ssl2_default_timeout(void );
 const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT;
@@ -78,7 +79,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
 	SSL2_TXT_NULL_WITH_MD5,
 	SSL2_CK_NULL_WITH_MD5,
 	SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_MD5|SSL_SSLV2,
-	SSL_EXPORT|SSL_EXP40,
+	SSL_EXPORT|SSL_EXP40|SSL_STRONG_NONE,
+	0,
 	0,
 	0,
 	SSL_ALL_CIPHERS,
@@ -198,6 +200,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
 	SSL2_TXT_NULL,
 	SSL2_CK_NULL,
 	0,
+	SSL_STRONG_NONE,
 	0,
 	0,
 	0,
@@ -427,10 +430,14 @@ void ssl2_generate_key_material(SSL *s)
 #endif
 
 	km=s->s2->key_material;
+ 	die(s->s2->key_material_length <= sizeof s->s2->key_material);
 	for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH)
 		{
 		MD5_Init(&ctx);
 
+ 		die(s->session->master_key_length >= 0
+ 		    && s->session->master_key_length
+ 		    < sizeof s->session->master_key);
 		MD5_Update(&ctx,s->session->master_key,s->session->master_key_length);
 		MD5_Update(&ctx,&c,1);
 		c++;
@@ -465,6 +472,7 @@ void ssl2_write_error(SSL *s)
 /*	state=s->rwstate;*/
 	error=s->error;
 	s->error=0;
+	die(error >= 0 && error <= 3);
 	i=ssl2_write(s,&(buf[3-error]),error);
 /*	if (i == error) s->rwstate=state; */
 
diff --git a/crypto/openssl/ssl/s2_srvr.c b/crypto/openssl/ssl/s2_srvr.c
index 5897d00..b725800 100644
--- a/crypto/openssl/ssl/s2_srvr.c
+++ b/crypto/openssl/ssl/s2_srvr.c
@@ -54,8 +54,6 @@
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
- *
- * $FreeBSD$
  */
 /* ====================================================================
  * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
@@ -109,6 +107,7 @@
  * (eay@cryptsoft.com).  This product includes software written by Tim
  * Hudson (tjh@cryptsoft.com).
  *
+ * $FreeBSD$
  */
 
 #include "ssl_locl.h"
@@ -118,6 +117,7 @@
 #include <openssl/rand.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
+#include "cryptlib.h"
 
 static SSL_METHOD *ssl2_get_server_method(int ver);
 static int get_client_master_key(SSL *s);
@@ -419,11 +419,18 @@ static int get_client_master_key(SSL *s)
 		n2s(p,i); s->s2->tmp.clear=i;
 		n2s(p,i); s->s2->tmp.enc=i;
 		n2s(p,i); s->session->key_arg_length=i;
+		if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH)
+			{
+			SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
+				   SSL_R_KEY_ARG_TOO_LONG);
+			return -1;
+			}
 		s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B;
 		}
 
 	/* SSL2_ST_GET_CLIENT_MASTER_KEY_B */
 	p=(unsigned char *)s->init_buf->data;
+	die(s->init_buf->length >= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER);
 	keya=s->session->key_arg_length;
 	len = 10 + (unsigned long)s->s2->tmp.clear + (unsigned long)s->s2->tmp.enc + (unsigned long)keya;
 	if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
@@ -504,6 +511,7 @@ static int get_client_master_key(SSL *s)
 #endif
 
 	if (is_export) i+=s->s2->tmp.clear;
+	die(i <= SSL_MAX_MASTER_KEY_LENGTH);
 	s->session->master_key_length=i;
 	memcpy(s->session->master_key,p,(unsigned int)i);
 	return(1);
@@ -651,6 +659,7 @@ static int get_client_hello(SSL *s)
 	p+=s->s2->tmp.session_id_length;
 
 	/* challenge */
+	die(s->s2->challenge_length <= sizeof s->s2->challenge);
 	memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length);
 	return(1);
 mem_err:
@@ -802,6 +811,7 @@ static int get_client_finished(SSL *s)
 		}
 
 	/* SSL2_ST_GET_CLIENT_FINISHED_B */
+	die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
 	len = 1 + (unsigned long)s->s2->conn_id_length;
 	n = (int)len - s->init_num;
 	i = ssl2_read(s,(char *)&(p[s->init_num]),n);
@@ -827,6 +837,7 @@ static int server_verify(SSL *s)
 		{
 		p=(unsigned char *)s->init_buf->data;
 		*(p++)=SSL2_MT_SERVER_VERIFY;
+		die(s->s2->challenge_length <= sizeof s->s2->challenge);
 		memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length);
 		/* p+=s->s2->challenge_length; */
 
@@ -846,6 +857,8 @@ static int server_finish(SSL *s)
 		p=(unsigned char *)s->init_buf->data;
 		*(p++)=SSL2_MT_SERVER_FINISHED;
 
+		die(s->session->session_id_length
+		    <= sizeof s->session->session_id);
 		memcpy(p,s->session->session_id,
 			(unsigned int)s->session->session_id_length);
 		/* p+=s->session->session_id_length; */
-- 
cgit v1.1