summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorbrad <>2003-10-01 22:46:22 +0000
committerbrad <>2003-10-01 22:46:22 +0000
commit2090f88646016d40fe8f16635bd274711171e5d9 (patch)
tree1ccfa4ff54abec8dad5f69e102bf10ac7c7816f0
parentc4a5e23a629462f7c5d45410243a6450fde919ee (diff)
downloadopenbsd-OPENBSD_3_2.tar.gz
openbsd-OPENBSD_3_2.tar.bz2
openbsd-OPENBSD_3_2.zip
Pull patch from -current:OPENBSD_3_2
SECURITY FIX Fixed by markus@ security fix from http://www.openssl.org/news/secadv_20030930.txt ok markus@ deraadt@
-rw-r--r--src/lib/libssl/src/crypto/asn1/asn1_lib.c2
-rw-r--r--src/lib/libssl/src/crypto/asn1/tasn_dec.c9
-rw-r--r--src/lib/libssl/src/crypto/x509/x509_vfy.c2
-rw-r--r--src/lib/libssl/src/ssl/s3_clnt.c1
-rw-r--r--src/lib/libssl/src/ssl/s3_srvr.c14
5 files changed, 22 insertions, 6 deletions
diff --git a/src/lib/libssl/src/crypto/asn1/asn1_lib.c b/src/lib/libssl/src/crypto/asn1/asn1_lib.c
index 0638870ab7..e30d5dd303 100644
--- a/src/lib/libssl/src/crypto/asn1/asn1_lib.c
+++ b/src/lib/libssl/src/crypto/asn1/asn1_lib.c
@@ -104,10 +104,12 @@ int ASN1_get_object(unsigned char **pp, long *plength, int *ptag, int *pclass,
104 l<<=7L; 104 l<<=7L;
105 l|= *(p++)&0x7f; 105 l|= *(p++)&0x7f;
106 if (--max == 0) goto err; 106 if (--max == 0) goto err;
107 if (l > (INT_MAX >> 7L)) goto err;
107 } 108 }
108 l<<=7L; 109 l<<=7L;
109 l|= *(p++)&0x7f; 110 l|= *(p++)&0x7f;
110 tag=(int)l; 111 tag=(int)l;
112 if (--max == 0) goto err;
111 } 113 }
112 else 114 else
113 { 115 {
diff --git a/src/lib/libssl/src/crypto/asn1/tasn_dec.c b/src/lib/libssl/src/crypto/asn1/tasn_dec.c
index f87c08793a..666061e2b7 100644
--- a/src/lib/libssl/src/crypto/asn1/tasn_dec.c
+++ b/src/lib/libssl/src/crypto/asn1/tasn_dec.c
@@ -691,6 +691,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, unsigned char **in, long inl
691 691
692int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it) 692int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it)
693{ 693{
694 ASN1_VALUE **opval = NULL;
694 ASN1_STRING *stmp; 695 ASN1_STRING *stmp;
695 ASN1_TYPE *typ = NULL; 696 ASN1_TYPE *typ = NULL;
696 int ret = 0; 697 int ret = 0;
@@ -705,6 +706,7 @@ int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char
705 *pval = (ASN1_VALUE *)typ; 706 *pval = (ASN1_VALUE *)typ;
706 } else typ = (ASN1_TYPE *)*pval; 707 } else typ = (ASN1_TYPE *)*pval;
707 if(utype != typ->type) ASN1_TYPE_set(typ, utype, NULL); 708 if(utype != typ->type) ASN1_TYPE_set(typ, utype, NULL);
709 opval = pval;
708 pval = (ASN1_VALUE **)&typ->value.ptr; 710 pval = (ASN1_VALUE **)&typ->value.ptr;
709 } 711 }
710 switch(utype) { 712 switch(utype) {
@@ -796,7 +798,12 @@ int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char
796 798
797 ret = 1; 799 ret = 1;
798 err: 800 err:
799 if(!ret) ASN1_TYPE_free(typ); 801 if(!ret)
802 {
803 ASN1_TYPE_free(typ);
804 if (opval)
805 *opval = NULL;
806 }
800 return ret; 807 return ret;
801} 808}
802 809
diff --git a/src/lib/libssl/src/crypto/x509/x509_vfy.c b/src/lib/libssl/src/crypto/x509/x509_vfy.c
index db12f7bd35..372e58a597 100644
--- a/src/lib/libssl/src/crypto/x509/x509_vfy.c
+++ b/src/lib/libssl/src/crypto/x509/x509_vfy.c
@@ -674,7 +674,7 @@ static int internal_verify(X509_STORE_CTX *ctx)
674 ok=(*cb)(0,ctx); 674 ok=(*cb)(0,ctx);
675 if (!ok) goto end; 675 if (!ok) goto end;
676 } 676 }
677 if (X509_verify(xs,pkey) <= 0) 677 else if (X509_verify(xs,pkey) <= 0)
678 /* XXX For the final trusted self-signed cert, 678 /* XXX For the final trusted self-signed cert,
679 * this is a waste of time. That check should 679 * this is a waste of time. That check should
680 * optional so that e.g. 'openssl x509' can be 680 * optional so that e.g. 'openssl x509' can be
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c
index 7da9363ef5..1b14954afe 100644
--- a/src/lib/libssl/src/ssl/s3_clnt.c
+++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -1752,6 +1752,7 @@ static int ssl3_send_client_verify(SSL *s)
1752 *(d++)=SSL3_MT_CERTIFICATE_VERIFY; 1752 *(d++)=SSL3_MT_CERTIFICATE_VERIFY;
1753 l2n3(n,d); 1753 l2n3(n,d);
1754 1754
1755 s->state=SSL3_ST_CW_CERT_VRFY_B;
1755 s->init_num=(int)n+4; 1756 s->init_num=(int)n+4;
1756 s->init_off=0; 1757 s->init_off=0;
1757 } 1758 }
diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c
index a2c17f2950..bdf3854dc0 100644
--- a/src/lib/libssl/src/ssl/s3_srvr.c
+++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -425,10 +425,11 @@ int ssl3_accept(SSL *s)
425 if (ret == 2) 425 if (ret == 2)
426 s->state = SSL3_ST_SR_CLNT_HELLO_C; 426 s->state = SSL3_ST_SR_CLNT_HELLO_C;
427 else { 427 else {
428 /* could be sent for a DH cert, even if we 428 if (s->s3->tmp.cert_request)
429 * have not asked for it :-) */ 429 {
430 ret=ssl3_get_client_certificate(s); 430 ret=ssl3_get_client_certificate(s);
431 if (ret <= 0) goto end; 431 if (ret <= 0) goto end;
432 }
432 s->init_num=0; 433 s->init_num=0;
433 s->state=SSL3_ST_SR_KEY_EXCH_A; 434 s->state=SSL3_ST_SR_KEY_EXCH_A;
434 } 435 }
@@ -838,6 +839,9 @@ static int ssl3_get_client_hello(SSL *s)
838 } 839 }
839 840
840 /* TLS does not mind if there is extra stuff */ 841 /* TLS does not mind if there is extra stuff */
842#if 0 /* SSL 3.0 does not mind either, so we should disable this test
843 * (was enabled in 0.9.6d through 0.9.6j and 0.9.7 through 0.9.7b,
844 * in earlier SSLeay/OpenSSL releases this test existed but was buggy) */
841 if (s->version == SSL3_VERSION) 845 if (s->version == SSL3_VERSION)
842 { 846 {
843 if (p < (d+n)) 847 if (p < (d+n))
@@ -849,6 +853,7 @@ static int ssl3_get_client_hello(SSL *s)
849 goto f_err; 853 goto f_err;
850 } 854 }
851 } 855 }
856#endif
852 857
853 /* Given s->session->ciphers and SSL_get_ciphers, we must 858 /* Given s->session->ciphers and SSL_get_ciphers, we must
854 * pick a cipher */ 859 * pick a cipher */
@@ -1346,6 +1351,7 @@ static int ssl3_send_certificate_request(SSL *s)
1346 s->init_num += 4; 1351 s->init_num += 4;
1347#endif 1352#endif
1348 1353
1354 s->state = SSL3_ST_SW_CERT_REQ_B;
1349 } 1355 }
1350 1356
1351 /* SSL3_ST_SW_CERT_REQ_B */ 1357 /* SSL3_ST_SW_CERT_REQ_B */