summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authormarkus <>2002-07-30 16:00:16 +0000
committermarkus <>2002-07-30 16:00:16 +0000
commitb16c13ed2fd774b1e93a0165b809fda9376b3fc4 (patch)
tree5cd7e8e3dd15c5a8b25bce74c5b82182b5081b19
parentc54a116b266c232d9e0ffad482eb5f8b98130ac4 (diff)
downloadopenbsd-b16c13ed2fd774b1e93a0165b809fda9376b3fc4.tar.gz
openbsd-b16c13ed2fd774b1e93a0165b809fda9376b3fc4.tar.bz2
openbsd-b16c13ed2fd774b1e93a0165b809fda9376b3fc4.zip
sync with http://www.openssl.org/news/patch_20020730_0_9_7.txt
(adds fix for unused kerberos and engine code, and some more assertions, as well as a 64bit integer string fix for conf_mod.c)
Diffstat
-rw-r--r--src/lib/libcrypto/conf/conf_mod.c2
-rw-r--r--src/lib/libcrypto/engine/hw_cswift.c16
-rw-r--r--src/lib/libssl/s3_clnt.c1
-rw-r--r--src/lib/libssl/s3_srvr.c18
-rw-r--r--src/lib/libssl/src/crypto/conf/conf_mod.c2
-rw-r--r--src/lib/libssl/src/crypto/engine/hw_cswift.c16
-rw-r--r--src/lib/libssl/src/ssl/s3_clnt.c1
-rw-r--r--src/lib/libssl/src/ssl/s3_srvr.c18
8 files changed, 48 insertions, 26 deletions
diff --git a/src/lib/libcrypto/conf/conf_mod.c b/src/lib/libcrypto/conf/conf_mod.c
index f92babc2e2..edcc08921c 100644
--- a/src/lib/libcrypto/conf/conf_mod.c
+++ b/src/lib/libcrypto/conf/conf_mod.c
@@ -230,7 +230,7 @@ static int module_run(const CONF *cnf, char *name, char *value,
230 { 230 {
231 if (!(flags & CONF_MFLAGS_SILENT)) 231 if (!(flags & CONF_MFLAGS_SILENT))
232 { 232 {
233 char rcode[10]; 233 char rcode[DECIMAL_SIZE(ret)+1];
234 CONFerr(CONF_F_CONF_MODULES_LOAD, CONF_R_MODULE_INITIALIZATION_ERROR); 234 CONFerr(CONF_F_CONF_MODULES_LOAD, CONF_R_MODULE_INITIALIZATION_ERROR);
235 sprintf(rcode, "%-8d", ret); 235 sprintf(rcode, "%-8d", ret);
236 ERR_add_error_data(6, "module=", name, ", value=", value, ", retcode=", rcode); 236 ERR_add_error_data(6, "module=", name, ", value=", value, ", retcode=", rcode);
diff --git a/src/lib/libcrypto/engine/hw_cswift.c b/src/lib/libcrypto/engine/hw_cswift.c
index d8b380550f..da732abce0 100644
--- a/src/lib/libcrypto/engine/hw_cswift.c
+++ b/src/lib/libcrypto/engine/hw_cswift.c
@@ -484,7 +484,7 @@ static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
484 goto err; 484 goto err;
485 default: 485 default:
486 { 486 {
487 char tmpbuf[20]; 487 char tmpbuf[DECIMAL_SIZE(sw_status)+1];
488 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED); 488 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED);
489 sprintf(tmpbuf, "%ld", sw_status); 489 sprintf(tmpbuf, "%ld", sw_status);
490 ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); 490 ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
@@ -501,7 +501,7 @@ static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
501 if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP, &arg, 1, 501 if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP, &arg, 1,
502 &res, 1)) != SW_OK) 502 &res, 1)) != SW_OK)
503 { 503 {
504 char tmpbuf[20]; 504 char tmpbuf[DECIMAL_SIZE(sw_status)+1];
505 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED); 505 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED);
506 sprintf(tmpbuf, "%ld", sw_status); 506 sprintf(tmpbuf, "%ld", sw_status);
507 ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); 507 ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
@@ -591,7 +591,7 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
591 goto err; 591 goto err;
592 default: 592 default:
593 { 593 {
594 char tmpbuf[20]; 594 char tmpbuf[DECIMAL_SIZE(sw_status)+1];
595 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_REQUEST_FAILED); 595 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_REQUEST_FAILED);
596 sprintf(tmpbuf, "%ld", sw_status); 596 sprintf(tmpbuf, "%ld", sw_status);
597 ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); 597 ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
@@ -608,7 +608,7 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
608 if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP_CRT, &arg, 1, 608 if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP_CRT, &arg, 1,
609 &res, 1)) != SW_OK) 609 &res, 1)) != SW_OK)
610 { 610 {
611 char tmpbuf[20]; 611 char tmpbuf[DECIMAL_SIZE(sw_status)+1];
612 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_REQUEST_FAILED); 612 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_REQUEST_FAILED);
613 sprintf(tmpbuf, "%ld", sw_status); 613 sprintf(tmpbuf, "%ld", sw_status);
614 ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); 614 ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
@@ -723,7 +723,7 @@ static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)
723 goto err; 723 goto err;
724 default: 724 default:
725 { 725 {
726 char tmpbuf[20]; 726 char tmpbuf[DECIMAL_SIZE(sw_status)+1];
727 CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED); 727 CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED);
728 sprintf(tmpbuf, "%ld", sw_status); 728 sprintf(tmpbuf, "%ld", sw_status);
729 ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); 729 ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
@@ -741,7 +741,7 @@ static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)
741 &res, 1); 741 &res, 1);
742 if(sw_status != SW_OK) 742 if(sw_status != SW_OK)
743 { 743 {
744 char tmpbuf[20]; 744 char tmpbuf[DECIMAL_SIZE(sw_status)+1];
745 CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED); 745 CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED);
746 sprintf(tmpbuf, "%ld", sw_status); 746 sprintf(tmpbuf, "%ld", sw_status);
747 ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); 747 ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
@@ -835,7 +835,7 @@ static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,
835 goto err; 835 goto err;
836 default: 836 default:
837 { 837 {
838 char tmpbuf[20]; 838 char tmpbuf[DECIMAL_SIZE(sw_status)+1];
839 CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED); 839 CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED);
840 sprintf(tmpbuf, "%ld", sw_status); 840 sprintf(tmpbuf, "%ld", sw_status);
841 ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); 841 ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
@@ -857,7 +857,7 @@ static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,
857 &res, 1); 857 &res, 1);
858 if(sw_status != SW_OK) 858 if(sw_status != SW_OK)
859 { 859 {
860 char tmpbuf[20]; 860 char tmpbuf[DECIMAL_SIZE(sw_status)+1];
861 CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED); 861 CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED);
862 sprintf(tmpbuf, "%ld", sw_status); 862 sprintf(tmpbuf, "%ld", sw_status);
863 ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); 863 ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index b6be748932..5d3efac2cd 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1597,6 +1597,7 @@ static int ssl3_send_client_key_exchange(SSL *s)
1597 SSL_MAX_MASTER_KEY_LENGTH); 1597 SSL_MAX_MASTER_KEY_LENGTH);
1598 EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl); 1598 EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl);
1599 outl += padl; 1599 outl += padl;
1600 die(outl <= sizeof epms);
1600 EVP_CIPHER_CTX_cleanup(&ciph_ctx); 1601 EVP_CIPHER_CTX_cleanup(&ciph_ctx);
1601 1602
1602 /* KerberosWrapper.EncryptedPreMasterSecret */ 1603 /* KerberosWrapper.EncryptedPreMasterSecret */
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index 3748cd7c24..f03c290a3e 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -114,14 +114,14 @@
114 114
115 115
116#include <stdio.h> 116#include <stdio.h>
117#include "ssl_locl.h"
118#include "kssl_lcl.h"
117#include <openssl/buffer.h> 119#include <openssl/buffer.h>
118#include <openssl/rand.h> 120#include <openssl/rand.h>
119#include <openssl/objects.h> 121#include <openssl/objects.h>
120#include <openssl/evp.h> 122#include <openssl/evp.h>
121#include <openssl/x509.h> 123#include <openssl/x509.h>
122#include <openssl/krb5_asn.h> 124#include <openssl/krb5_asn.h>
123#include "ssl_locl.h"
124#include "kssl_lcl.h"
125#include <openssl/md5.h> 125#include <openssl/md5.h>
126 126
127static SSL_METHOD *ssl3_get_server_method(int ver); 127static SSL_METHOD *ssl3_get_server_method(int ver);
@@ -1560,8 +1560,8 @@ static int ssl3_get_client_key_exchange(SSL *s)
1560 EVP_CIPHER *enc = NULL; 1560 EVP_CIPHER *enc = NULL;
1561 unsigned char iv[EVP_MAX_IV_LENGTH]; 1561 unsigned char iv[EVP_MAX_IV_LENGTH];
1562 unsigned char pms[SSL_MAX_MASTER_KEY_LENGTH 1562 unsigned char pms[SSL_MAX_MASTER_KEY_LENGTH
1563 + EVP_MAX_IV_LENGTH + 1]; 1563 + EVP_MAX_BLOCK_LENGTH];
1564 int padl, outl = sizeof(pms); 1564 int padl, outl;
1565 krb5_timestamp authtime = 0; 1565 krb5_timestamp authtime = 0;
1566 krb5_ticket_times ttimes; 1566 krb5_ticket_times ttimes;
1567 1567
@@ -1584,6 +1584,16 @@ static int ssl3_get_client_key_exchange(SSL *s)
1584 enc_pms.data = (char *)p; 1584 enc_pms.data = (char *)p;
1585 p+=enc_pms.length; 1585 p+=enc_pms.length;
1586 1586
1587 /* Note that the length is checked again below,
1588 ** after decryption
1589 */
1590 if(enc_pms.length > sizeof pms)
1591 {
1592 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
1593 SSL_R_DATA_LENGTH_TOO_LONG);
1594 goto err;
1595 }
1596
1587 if (n != enc_ticket.length + authenticator.length + 1597 if (n != enc_ticket.length + authenticator.length +
1588 enc_pms.length + 6) 1598 enc_pms.length + 6)
1589 { 1599 {
diff --git a/src/lib/libssl/src/crypto/conf/conf_mod.c b/src/lib/libssl/src/crypto/conf/conf_mod.c
index f92babc2e2..edcc08921c 100644
--- a/src/lib/libssl/src/crypto/conf/conf_mod.c
+++ b/src/lib/libssl/src/crypto/conf/conf_mod.c
@@ -230,7 +230,7 @@ static int module_run(const CONF *cnf, char *name, char *value,
230 { 230 {
231 if (!(flags & CONF_MFLAGS_SILENT)) 231 if (!(flags & CONF_MFLAGS_SILENT))
232 { 232 {
233 char rcode[10]; 233 char rcode[DECIMAL_SIZE(ret)+1];
234 CONFerr(CONF_F_CONF_MODULES_LOAD, CONF_R_MODULE_INITIALIZATION_ERROR); 234 CONFerr(CONF_F_CONF_MODULES_LOAD, CONF_R_MODULE_INITIALIZATION_ERROR);
235 sprintf(rcode, "%-8d", ret); 235 sprintf(rcode, "%-8d", ret);
236 ERR_add_error_data(6, "module=", name, ", value=", value, ", retcode=", rcode); 236 ERR_add_error_data(6, "module=", name, ", value=", value, ", retcode=", rcode);
diff --git a/src/lib/libssl/src/crypto/engine/hw_cswift.c b/src/lib/libssl/src/crypto/engine/hw_cswift.c
index d8b380550f..da732abce0 100644
--- a/src/lib/libssl/src/crypto/engine/hw_cswift.c
+++ b/src/lib/libssl/src/crypto/engine/hw_cswift.c
@@ -484,7 +484,7 @@ static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
484 goto err; 484 goto err;
485 default: 485 default:
486 { 486 {
487 char tmpbuf[20]; 487 char tmpbuf[DECIMAL_SIZE(sw_status)+1];
488 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED); 488 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED);
489 sprintf(tmpbuf, "%ld", sw_status); 489 sprintf(tmpbuf, "%ld", sw_status);
490 ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); 490 ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
@@ -501,7 +501,7 @@ static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
501 if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP, &arg, 1, 501 if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP, &arg, 1,
502 &res, 1)) != SW_OK) 502 &res, 1)) != SW_OK)
503 { 503 {
504 char tmpbuf[20]; 504 char tmpbuf[DECIMAL_SIZE(sw_status)+1];
505 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED); 505 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED);
506 sprintf(tmpbuf, "%ld", sw_status); 506 sprintf(tmpbuf, "%ld", sw_status);
507 ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); 507 ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
@@ -591,7 +591,7 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
591 goto err; 591 goto err;
592 default: 592 default:
593 { 593 {
594 char tmpbuf[20]; 594 char tmpbuf[DECIMAL_SIZE(sw_status)+1];
595 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_REQUEST_FAILED); 595 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_REQUEST_FAILED);
596 sprintf(tmpbuf, "%ld", sw_status); 596 sprintf(tmpbuf, "%ld", sw_status);
597 ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); 597 ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
@@ -608,7 +608,7 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
608 if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP_CRT, &arg, 1, 608 if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP_CRT, &arg, 1,
609 &res, 1)) != SW_OK) 609 &res, 1)) != SW_OK)
610 { 610 {
611 char tmpbuf[20]; 611 char tmpbuf[DECIMAL_SIZE(sw_status)+1];
612 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_REQUEST_FAILED); 612 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_REQUEST_FAILED);
613 sprintf(tmpbuf, "%ld", sw_status); 613 sprintf(tmpbuf, "%ld", sw_status);
614 ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); 614 ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
@@ -723,7 +723,7 @@ static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)
723 goto err; 723 goto err;
724 default: 724 default:
725 { 725 {
726 char tmpbuf[20]; 726 char tmpbuf[DECIMAL_SIZE(sw_status)+1];
727 CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED); 727 CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED);
728 sprintf(tmpbuf, "%ld", sw_status); 728 sprintf(tmpbuf, "%ld", sw_status);
729 ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); 729 ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
@@ -741,7 +741,7 @@ static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)
741 &res, 1); 741 &res, 1);
742 if(sw_status != SW_OK) 742 if(sw_status != SW_OK)
743 { 743 {
744 char tmpbuf[20]; 744 char tmpbuf[DECIMAL_SIZE(sw_status)+1];
745 CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED); 745 CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED);
746 sprintf(tmpbuf, "%ld", sw_status); 746 sprintf(tmpbuf, "%ld", sw_status);
747 ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); 747 ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
@@ -835,7 +835,7 @@ static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,
835 goto err; 835 goto err;
836 default: 836 default:
837 { 837 {
838 char tmpbuf[20]; 838 char tmpbuf[DECIMAL_SIZE(sw_status)+1];
839 CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED); 839 CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED);
840 sprintf(tmpbuf, "%ld", sw_status); 840 sprintf(tmpbuf, "%ld", sw_status);
841 ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); 841 ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
@@ -857,7 +857,7 @@ static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,
857 &res, 1); 857 &res, 1);
858 if(sw_status != SW_OK) 858 if(sw_status != SW_OK)
859 { 859 {
860 char tmpbuf[20]; 860 char tmpbuf[DECIMAL_SIZE(sw_status)+1];
861 CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED); 861 CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED);
862 sprintf(tmpbuf, "%ld", sw_status); 862 sprintf(tmpbuf, "%ld", sw_status);
863 ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); 863 ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c
index b6be748932..5d3efac2cd 100644
--- a/src/lib/libssl/src/ssl/s3_clnt.c
+++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -1597,6 +1597,7 @@ static int ssl3_send_client_key_exchange(SSL *s)
1597 SSL_MAX_MASTER_KEY_LENGTH); 1597 SSL_MAX_MASTER_KEY_LENGTH);
1598 EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl); 1598 EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl);
1599 outl += padl; 1599 outl += padl;
1600 die(outl <= sizeof epms);
1600 EVP_CIPHER_CTX_cleanup(&ciph_ctx); 1601 EVP_CIPHER_CTX_cleanup(&ciph_ctx);
1601 1602
1602 /* KerberosWrapper.EncryptedPreMasterSecret */ 1603 /* KerberosWrapper.EncryptedPreMasterSecret */
diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c
index 3748cd7c24..f03c290a3e 100644
--- a/src/lib/libssl/src/ssl/s3_srvr.c
+++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -114,14 +114,14 @@
114 114
115 115
116#include <stdio.h> 116#include <stdio.h>
117#include "ssl_locl.h"
118#include "kssl_lcl.h"
117#include <openssl/buffer.h> 119#include <openssl/buffer.h>
118#include <openssl/rand.h> 120#include <openssl/rand.h>
119#include <openssl/objects.h> 121#include <openssl/objects.h>
120#include <openssl/evp.h> 122#include <openssl/evp.h>
121#include <openssl/x509.h> 123#include <openssl/x509.h>
122#include <openssl/krb5_asn.h> 124#include <openssl/krb5_asn.h>
123#include "ssl_locl.h"
124#include "kssl_lcl.h"
125#include <openssl/md5.h> 125#include <openssl/md5.h>
126 126
127static SSL_METHOD *ssl3_get_server_method(int ver); 127static SSL_METHOD *ssl3_get_server_method(int ver);
@@ -1560,8 +1560,8 @@ static int ssl3_get_client_key_exchange(SSL *s)
1560 EVP_CIPHER *enc = NULL; 1560 EVP_CIPHER *enc = NULL;
1561 unsigned char iv[EVP_MAX_IV_LENGTH]; 1561 unsigned char iv[EVP_MAX_IV_LENGTH];
1562 unsigned char pms[SSL_MAX_MASTER_KEY_LENGTH 1562 unsigned char pms[SSL_MAX_MASTER_KEY_LENGTH
1563 + EVP_MAX_IV_LENGTH + 1]; 1563 + EVP_MAX_BLOCK_LENGTH];
1564 int padl, outl = sizeof(pms); 1564 int padl, outl;
1565 krb5_timestamp authtime = 0; 1565 krb5_timestamp authtime = 0;
1566 krb5_ticket_times ttimes; 1566 krb5_ticket_times ttimes;
1567 1567
@@ -1584,6 +1584,16 @@ static int ssl3_get_client_key_exchange(SSL *s)
1584 enc_pms.data = (char *)p; 1584 enc_pms.data = (char *)p;
1585 p+=enc_pms.length; 1585 p+=enc_pms.length;
1586 1586
1587 /* Note that the length is checked again below,
1588 ** after decryption
1589 */
1590 if(enc_pms.length > sizeof pms)
1591 {
1592 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
1593 SSL_R_DATA_LENGTH_TOO_LONG);
1594 goto err;
1595 }
1596
1587 if (n != enc_ticket.length + authenticator.length + 1597 if (n != enc_ticket.length + authenticator.length +
1588 enc_pms.length + 6) 1598 enc_pms.length + 6)
1589 { 1599 {
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-27 15:07:52 +0000