import openssl-0.9.7-stable-SNAP-20020911 (without idea)

author: markus <> 2002-09-12 20:53:05 +0000
committer: markus <> 2002-09-12 20:53:05 +0000
commit: 31392c89d1135cf2a416f97295f6d21681b3fbc4 (patch)
tree: 09ce0b27981cae5a4625fa506a24d5c79fc8a13a /src/lib/libssl
parent: 715a204e4615e4a70a466fcb383a9a57cad5e6b8 (diff)
download: openbsd-31392c89d1135cf2a416f97295f6d21681b3fbc4.tar.gz
openbsd-31392c89d1135cf2a416f97295f6d21681b3fbc4.tar.bz2
openbsd-31392c89d1135cf2a416f97295f6d21681b3fbc4.zip
9 files changed, 53 insertions, 12 deletions
diff --git a/src/lib/libssl/doc/openssl.txt b/src/lib/libssl/doc/openssl.txt
index 5da519e7e4..432a17b66c 100644
--- a/src/lib/libssl/doc/openssl.txt
+++ b/src/lib/libssl/doc/openssl.txt
@@ -344,7 +344,7 @@ the extension.
 Examples:
-subjectAltName=email:copy,email:my@other.address,URL:http://my.url.here/
+subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/
 subjectAltName=email:my@other.address,RID:1.2.3.4
 Issuer Alternative Name.
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index 2699b5863b..2b58482484 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -546,7 +546,11 @@ static int ssl3_client_hello(SSL *s)
                *(p++)=i;
                if (i != 0)
                        {
-                        die(i <= sizeof s->session->session_id);
+                        if (i > sizeof s->session->session_id)
+                                {
+                                SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
+                                goto err;
+                                }
                        memcpy(p,s->session->session_id,i);
                        p+=i;
                        }
@@ -1598,7 +1602,11 @@ static int ssl3_send_client_key_exchange(SSL *s)
                                SSL_MAX_MASTER_KEY_LENGTH);
                        EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl);
                        outl += padl;
-                        die(outl <= sizeof epms);
+                        if (outl > sizeof epms)
+                                {
+                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+                                goto err;
+                                }
                        EVP_CIPHER_CTX_cleanup(&ciph_ctx);
                        /*  KerberosWrapper.EncryptedPreMasterSecret    */
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index 782b57f57a..20d716fb1b 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -965,7 +965,11 @@ static int ssl3_send_server_hello(SSL *s)
                        s->session->session_id_length=0;
                sl=s->session->session_id_length;
-                die(sl <= sizeof s->session->session_id);
+                if (sl > sizeof s->session->session_id)
+                        {
+                        SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
+                        return -1;
+                        }
                *(p++)=sl;
                memcpy(p,s->session->session_id,sl);
                p+=sl;
@@ -1588,7 +1592,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
                /* Note that the length is checked again below,
                ** after decryption
                */
-                if(enc.pms_length > sizeof pms)
+                if(enc_pms.length > sizeof pms)
                        {
                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
                               SSL_R_DATA_LENGTH_TOO_LONG);
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index d9949e8eb2..e9d1e896d7 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1462,6 +1462,7 @@ void ERR_load_SSL_strings(void);
 /* Function codes. */
 #define SSL_F_CLIENT_CERTIFICATE                         100
+#define SSL_F_CLIENT_FINISHED                            238
 #define SSL_F_CLIENT_HELLO                               101
 #define SSL_F_CLIENT_MASTER_KEY                          102
 #define SSL_F_D2I_SSL_SESSION                            103
@@ -1475,7 +1476,9 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_I2D_SSL_SESSION                            111
 #define SSL_F_READ_N                                     112
 #define SSL_F_REQUEST_CERTIFICATE                        113
+#define SSL_F_SERVER_FINISH                              239
 #define SSL_F_SERVER_HELLO                               114
+#define SSL_F_SERVER_VERIFY                              240
 #define SSL_F_SSL23_ACCEPT                               115
 #define SSL_F_SSL23_CLIENT_HELLO                         116
 #define SSL_F_SSL23_CONNECT                              117
@@ -1487,6 +1490,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_SSL2_ACCEPT                                122
 #define SSL_F_SSL2_CONNECT                               123
 #define SSL_F_SSL2_ENC_INIT                              124
+#define SSL_F_SSL2_GENERATE_KEY_MATERIAL                 241
 #define SSL_F_SSL2_PEEK                                  234
 #define SSL_F_SSL2_READ                                  125
 #define SSL_F_SSL2_READ_INTERNAL                         236
@@ -1523,6 +1527,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE              152
 #define SSL_F_SSL3_SEND_CLIENT_VERIFY                    153
 #define SSL_F_SSL3_SEND_SERVER_CERTIFICATE               154
+#define SSL_F_SSL3_SEND_SERVER_HELLO                     242
 #define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE              155
 #define SSL_F_SSL3_SETUP_BUFFERS                         156
 #define SSL_F_SSL3_SETUP_KEY_BLOCK                       157
@@ -1747,6 +1752,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_SHORT_READ                                 219
 #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE      220
 #define SSL_R_SSL23_DOING_SESSION_ID_REUSE               221
+#define SSL_R_SSL2_CONNECTION_ID_TOO_LONG                1114
 #define SSL_R_SSL3_SESSION_ID_TOO_LONG                   1113
 #define SSL_R_SSL3_SESSION_ID_TOO_SHORT                  222
 #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE                1042
diff --git a/src/lib/libssl/ssl_asn1.c b/src/lib/libssl/ssl_asn1.c
index 1638c6b525..3723fc2e37 100644
--- a/src/lib/libssl/ssl_asn1.c
+++ b/src/lib/libssl/ssl_asn1.c
@@ -294,10 +294,11 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp,
                i=SSL2_MAX_SSL_SESSION_ID_LENGTH;
        if (os.length > i)
-                os.length=i;
+                os.length = i;
+        if (os.length > sizeof ret->session_id) /* can't happen */
+                os.length = sizeof ret->session_id;
        ret->session_id_length=os.length;
-        die(os.length <= sizeof ret->session_id);
        memcpy(ret->session_id,os.data,os.length);
        M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
diff --git a/src/lib/libssl/ssl_err.c b/src/lib/libssl/ssl_err.c
index 0cad32c855..7067a745f3 100644
--- a/src/lib/libssl/ssl_err.c
+++ b/src/lib/libssl/ssl_err.c
@@ -67,6 +67,7 @@
 static ERR_STRING_DATA SSL_str_functs[]=
        {
 {ERR_PACK(0,SSL_F_CLIENT_CERTIFICATE,0),        "CLIENT_CERTIFICATE"},
+{ERR_PACK(0,SSL_F_CLIENT_FINISHED,0),   "CLIENT_FINISHED"},
 {ERR_PACK(0,SSL_F_CLIENT_HELLO,0),      "CLIENT_HELLO"},
 {ERR_PACK(0,SSL_F_CLIENT_MASTER_KEY,0), "CLIENT_MASTER_KEY"},
 {ERR_PACK(0,SSL_F_D2I_SSL_SESSION,0),   "d2i_SSL_SESSION"},
@@ -80,7 +81,9 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_PACK(0,SSL_F_I2D_SSL_SESSION,0),   "i2d_SSL_SESSION"},
 {ERR_PACK(0,SSL_F_READ_N,0),    "READ_N"},
 {ERR_PACK(0,SSL_F_REQUEST_CERTIFICATE,0),       "REQUEST_CERTIFICATE"},
+{ERR_PACK(0,SSL_F_SERVER_FINISH,0),     "SERVER_FINISH"},
 {ERR_PACK(0,SSL_F_SERVER_HELLO,0),      "SERVER_HELLO"},
+{ERR_PACK(0,SSL_F_SERVER_VERIFY,0),     "SERVER_VERIFY"},
 {ERR_PACK(0,SSL_F_SSL23_ACCEPT,0),      "SSL23_ACCEPT"},
 {ERR_PACK(0,SSL_F_SSL23_CLIENT_HELLO,0),        "SSL23_CLIENT_HELLO"},
 {ERR_PACK(0,SSL_F_SSL23_CONNECT,0),     "SSL23_CONNECT"},
@@ -92,6 +95,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_PACK(0,SSL_F_SSL2_ACCEPT,0),       "SSL2_ACCEPT"},
 {ERR_PACK(0,SSL_F_SSL2_CONNECT,0),      "SSL2_CONNECT"},
 {ERR_PACK(0,SSL_F_SSL2_ENC_INIT,0),     "SSL2_ENC_INIT"},
+{ERR_PACK(0,SSL_F_SSL2_GENERATE_KEY_MATERIAL,0),        "SSL2_GENERATE_KEY_MATERIAL"},
 {ERR_PACK(0,SSL_F_SSL2_PEEK,0), "SSL2_PEEK"},
 {ERR_PACK(0,SSL_F_SSL2_READ,0), "SSL2_READ"},
 {ERR_PACK(0,SSL_F_SSL2_READ_INTERNAL,0),        "SSL2_READ_INTERNAL"},
@@ -128,6 +132,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,0),     "SSL3_SEND_CLIENT_KEY_EXCHANGE"},
 {ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_VERIFY,0),   "SSL3_SEND_CLIENT_VERIFY"},
 {ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_CERTIFICATE,0),      "SSL3_SEND_SERVER_CERTIFICATE"},
+{ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_HELLO,0),    "SSL3_SEND_SERVER_HELLO"},
 {ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,0),     "SSL3_SEND_SERVER_KEY_EXCHANGE"},
 {ERR_PACK(0,SSL_F_SSL3_SETUP_BUFFERS,0),        "SSL3_SETUP_BUFFERS"},
 {ERR_PACK(0,SSL_F_SSL3_SETUP_KEY_BLOCK,0),      "SSL3_SETUP_KEY_BLOCK"},
@@ -355,6 +360,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {SSL_R_SHORT_READ                        ,"short read"},
 {SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"},
 {SSL_R_SSL23_DOING_SESSION_ID_REUSE      ,"ssl23 doing session id reuse"},
+{SSL_R_SSL2_CONNECTION_ID_TOO_LONG       ,"ssl2 connection id too long"},
 {SSL_R_SSL3_SESSION_ID_TOO_LONG          ,"ssl3 session id too long"},
 {SSL_R_SSL3_SESSION_ID_TOO_SHORT         ,"ssl3 session id too short"},
 {SSL_R_SSLV3_ALERT_BAD_CERTIFICATE       ,"sslv3 alert bad certificate"},
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index ab172aeaec..4bc4ce5b3a 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1405,13 +1405,24 @@ void SSL_CTX_free(SSL_CTX *a)
                abort(); /* ok */
                }
 #endif
-        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
+        /*
+         * Free internal session cache. However: the remove_cb() may reference
+         * the ex_data of SSL_CTX, thus the ex_data store can only be removed
+         * after the sessions were flushed.
+         * As the ex_data handling routines might also touch the session cache,
+         * the most secure solution seems to be: empty (flush) the cache, then
+         * free ex_data, then finally free the cache.
+         * (See ticket [openssl.org #212].)
+         */
        if (a->sessions != NULL)
-                {
                SSL_CTX_flush_sessions(a,0);
+        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
+        if (a->sessions != NULL)
                lh_free(a->sessions);
-                }
        if (a->cert_store != NULL)
                X509_STORE_free(a->cert_store);
        if (a->cipher_list != NULL)
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index fe4ac839cf..dd6c7a7323 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -510,7 +510,7 @@ STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
 int ssl_verify_alarm_type(long type);
 int ssl2_enc_init(SSL *s, int client);
-void ssl2_generate_key_material(SSL *s);
+int ssl2_generate_key_material(SSL *s);
 void ssl2_enc(SSL *s,int send_data);
 void ssl2_mac(SSL *s,unsigned char *mac,int send_data);
 SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p);
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c
index 8bfc382bb6..ca1a7427be 100644
--- a/src/lib/libssl/ssl_sess.c
+++ b/src/lib/libssl/ssl_sess.c
@@ -251,7 +251,12 @@ int ssl_get_new_session(SSL *s, int session)
                ss->session_id_length=0;
                }
-        die(s->sid_ctx_length <= sizeof ss->sid_ctx);
+        if (s->sid_ctx_length > sizeof ss->sid_ctx)
+                {
+                SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR);
+                SSL_SESSION_free(ss);
+                return 0;
+                }
        memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length);
        ss->sid_ctx_length=s->sid_ctx_length;
        s->session=ss;
author	markus <>	2002-09-12 20:53:05 +0000
committer	markus <>	2002-09-12 20:53:05 +0000
commit	31392c89d1135cf2a416f97295f6d21681b3fbc4 (patch)
tree	09ce0b27981cae5a4625fa506a24d5c79fc8a13a /src/lib/libssl
parent	715a204e4615e4a70a466fcb383a9a57cad5e6b8 (diff)
download	openbsd-31392c89d1135cf2a416f97295f6d21681b3fbc4.tar.gz openbsd-31392c89d1135cf2a416f97295f6d21681b3fbc4.tar.bz2 openbsd-31392c89d1135cf2a416f97295f6d21681b3fbc4.zip

diff --git a/src/lib/libssl/doc/openssl.txt b/src/lib/libssl/doc/openssl.txt index 5da519e7e4..432a17b66c 100644 --- a/src/lib/libssl/doc/openssl.txt +++ b/src/lib/libssl/doc/openssl.txt
@@ -344,7 +344,7 @@ the extension.
344		344
345	Examples:	345	Examples:
346		346
347	subjectAltName=email:copy,email:my@other.address,URL:http://my.url.here/	347	subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/
348	subjectAltName=email:my@other.address,RID:1.2.3.4	348	subjectAltName=email:my@other.address,RID:1.2.3.4
349		349
350	Issuer Alternative Name.	350	Issuer Alternative Name.


diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c index 2699b5863b..2b58482484 100644 --- a/src/lib/libssl/s3_clnt.c +++ b/src/lib/libssl/s3_clnt.c
@@ -546,7 +546,11 @@ static int ssl3_client_hello(SSL *s)
546	*(p++)=i;	546	*(p++)=i;
547	if (i != 0)	547	if (i != 0)
548	{	548	{
549	die(i <= sizeof s->session->session_id);	549	if (i > sizeof s->session->session_id)
		550	{
		551	SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
		552	goto err;
		553	}
550	memcpy(p,s->session->session_id,i);	554	memcpy(p,s->session->session_id,i);
551	p+=i;	555	p+=i;
552	}	556	}
@@ -1598,7 +1602,11 @@ static int ssl3_send_client_key_exchange(SSL *s)
1598	SSL_MAX_MASTER_KEY_LENGTH);	1602	SSL_MAX_MASTER_KEY_LENGTH);
1599	EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl);	1603	EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl);
1600	outl += padl;	1604	outl += padl;
1601	die(outl <= sizeof epms);	1605	if (outl > sizeof epms)
		1606	{
		1607	SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
		1608	goto err;
		1609	}
1602	EVP_CIPHER_CTX_cleanup(&ciph_ctx);	1610	EVP_CIPHER_CTX_cleanup(&ciph_ctx);
1603		1611
1604	/* KerberosWrapper.EncryptedPreMasterSecret */	1612	/* KerberosWrapper.EncryptedPreMasterSecret */


diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c index 782b57f57a..20d716fb1b 100644 --- a/src/lib/libssl/s3_srvr.c +++ b/src/lib/libssl/s3_srvr.c
@@ -965,7 +965,11 @@ static int ssl3_send_server_hello(SSL *s)
965	s->session->session_id_length=0;	965	s->session->session_id_length=0;
966		966
967	sl=s->session->session_id_length;	967	sl=s->session->session_id_length;
968	die(sl <= sizeof s->session->session_id);	968	if (sl > sizeof s->session->session_id)
		969	{
		970	SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
		971	return -1;
		972	}
969	*(p++)=sl;	973	*(p++)=sl;
970	memcpy(p,s->session->session_id,sl);	974	memcpy(p,s->session->session_id,sl);
971	p+=sl;	975	p+=sl;
@@ -1588,7 +1592,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
1588	/* Note that the length is checked again below,	1592	/* Note that the length is checked again below,
1589	** after decryption	1593	** after decryption
1590	*/	1594	*/
1591	if(enc.pms_length > sizeof pms)	1595	if(enc_pms.length > sizeof pms)
1592	{	1596	{
1593	SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,	1597	SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
1594	SSL_R_DATA_LENGTH_TOO_LONG);	1598	SSL_R_DATA_LENGTH_TOO_LONG);


diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h index d9949e8eb2..e9d1e896d7 100644 --- a/src/lib/libssl/ssl.h +++ b/src/lib/libssl/ssl.h
@@ -1462,6 +1462,7 @@ void ERR_load_SSL_strings(void);
1462		1462
1463	/* Function codes. */	1463	/* Function codes. */
1464	#define SSL_F_CLIENT_CERTIFICATE 100	1464	#define SSL_F_CLIENT_CERTIFICATE 100
		1465	#define SSL_F_CLIENT_FINISHED 238
1465	#define SSL_F_CLIENT_HELLO 101	1466	#define SSL_F_CLIENT_HELLO 101
1466	#define SSL_F_CLIENT_MASTER_KEY 102	1467	#define SSL_F_CLIENT_MASTER_KEY 102
1467	#define SSL_F_D2I_SSL_SESSION 103	1468	#define SSL_F_D2I_SSL_SESSION 103
@@ -1475,7 +1476,9 @@ void ERR_load_SSL_strings(void);
1475	#define SSL_F_I2D_SSL_SESSION 111	1476	#define SSL_F_I2D_SSL_SESSION 111
1476	#define SSL_F_READ_N 112	1477	#define SSL_F_READ_N 112
1477	#define SSL_F_REQUEST_CERTIFICATE 113	1478	#define SSL_F_REQUEST_CERTIFICATE 113
		1479	#define SSL_F_SERVER_FINISH 239
1478	#define SSL_F_SERVER_HELLO 114	1480	#define SSL_F_SERVER_HELLO 114
		1481	#define SSL_F_SERVER_VERIFY 240
1479	#define SSL_F_SSL23_ACCEPT 115	1482	#define SSL_F_SSL23_ACCEPT 115
1480	#define SSL_F_SSL23_CLIENT_HELLO 116	1483	#define SSL_F_SSL23_CLIENT_HELLO 116
1481	#define SSL_F_SSL23_CONNECT 117	1484	#define SSL_F_SSL23_CONNECT 117
@@ -1487,6 +1490,7 @@ void ERR_load_SSL_strings(void);
1487	#define SSL_F_SSL2_ACCEPT 122	1490	#define SSL_F_SSL2_ACCEPT 122
1488	#define SSL_F_SSL2_CONNECT 123	1491	#define SSL_F_SSL2_CONNECT 123
1489	#define SSL_F_SSL2_ENC_INIT 124	1492	#define SSL_F_SSL2_ENC_INIT 124
		1493	#define SSL_F_SSL2_GENERATE_KEY_MATERIAL 241
1490	#define SSL_F_SSL2_PEEK 234	1494	#define SSL_F_SSL2_PEEK 234
1491	#define SSL_F_SSL2_READ 125	1495	#define SSL_F_SSL2_READ 125
1492	#define SSL_F_SSL2_READ_INTERNAL 236	1496	#define SSL_F_SSL2_READ_INTERNAL 236
@@ -1523,6 +1527,7 @@ void ERR_load_SSL_strings(void);
1523	#define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE 152	1527	#define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE 152
1524	#define SSL_F_SSL3_SEND_CLIENT_VERIFY 153	1528	#define SSL_F_SSL3_SEND_CLIENT_VERIFY 153
1525	#define SSL_F_SSL3_SEND_SERVER_CERTIFICATE 154	1529	#define SSL_F_SSL3_SEND_SERVER_CERTIFICATE 154
		1530	#define SSL_F_SSL3_SEND_SERVER_HELLO 242
1526	#define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE 155	1531	#define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE 155
1527	#define SSL_F_SSL3_SETUP_BUFFERS 156	1532	#define SSL_F_SSL3_SETUP_BUFFERS 156
1528	#define SSL_F_SSL3_SETUP_KEY_BLOCK 157	1533	#define SSL_F_SSL3_SETUP_KEY_BLOCK 157
@@ -1747,6 +1752,7 @@ void ERR_load_SSL_strings(void);
1747	#define SSL_R_SHORT_READ 219	1752	#define SSL_R_SHORT_READ 219
1748	#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220	1753	#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220
1749	#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221	1754	#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221
		1755	#define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 1114
1750	#define SSL_R_SSL3_SESSION_ID_TOO_LONG 1113	1756	#define SSL_R_SSL3_SESSION_ID_TOO_LONG 1113
1751	#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222	1757	#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222
1752	#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042	1758	#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042


diff --git a/src/lib/libssl/ssl_asn1.c b/src/lib/libssl/ssl_asn1.c index 1638c6b525..3723fc2e37 100644 --- a/src/lib/libssl/ssl_asn1.c +++ b/src/lib/libssl/ssl_asn1.c
@@ -294,10 +294,11 @@ SSL_SESSION d2i_SSL_SESSION(SSL_SESSION a, unsigned char *pp,
294	i=SSL2_MAX_SSL_SESSION_ID_LENGTH;	294	i=SSL2_MAX_SSL_SESSION_ID_LENGTH;
295		295
296	if (os.length > i)	296	if (os.length > i)
297	os.length=i;	297	os.length = i;
		298	if (os.length > sizeof ret->session_id) /* can't happen */
		299	os.length = sizeof ret->session_id;
298		300
299	ret->session_id_length=os.length;	301	ret->session_id_length=os.length;
300	die(os.length <= sizeof ret->session_id);
301	memcpy(ret->session_id,os.data,os.length);	302	memcpy(ret->session_id,os.data,os.length);
302		303
303	M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);	304	M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);


diff --git a/src/lib/libssl/ssl_err.c b/src/lib/libssl/ssl_err.c index 0cad32c855..7067a745f3 100644 --- a/src/lib/libssl/ssl_err.c +++ b/src/lib/libssl/ssl_err.c
@@ -67,6 +67,7 @@
67	static ERR_STRING_DATA SSL_str_functs[]=	67	static ERR_STRING_DATA SSL_str_functs[]=
68	{	68	{
69	{ERR_PACK(0,SSL_F_CLIENT_CERTIFICATE,0), "CLIENT_CERTIFICATE"},	69	{ERR_PACK(0,SSL_F_CLIENT_CERTIFICATE,0), "CLIENT_CERTIFICATE"},
		70	{ERR_PACK(0,SSL_F_CLIENT_FINISHED,0), "CLIENT_FINISHED"},
70	{ERR_PACK(0,SSL_F_CLIENT_HELLO,0), "CLIENT_HELLO"},	71	{ERR_PACK(0,SSL_F_CLIENT_HELLO,0), "CLIENT_HELLO"},
71	{ERR_PACK(0,SSL_F_CLIENT_MASTER_KEY,0), "CLIENT_MASTER_KEY"},	72	{ERR_PACK(0,SSL_F_CLIENT_MASTER_KEY,0), "CLIENT_MASTER_KEY"},
72	{ERR_PACK(0,SSL_F_D2I_SSL_SESSION,0), "d2i_SSL_SESSION"},	73	{ERR_PACK(0,SSL_F_D2I_SSL_SESSION,0), "d2i_SSL_SESSION"},
@@ -80,7 +81,9 @@ static ERR_STRING_DATA SSL_str_functs[]=
80	{ERR_PACK(0,SSL_F_I2D_SSL_SESSION,0), "i2d_SSL_SESSION"},	81	{ERR_PACK(0,SSL_F_I2D_SSL_SESSION,0), "i2d_SSL_SESSION"},
81	{ERR_PACK(0,SSL_F_READ_N,0), "READ_N"},	82	{ERR_PACK(0,SSL_F_READ_N,0), "READ_N"},
82	{ERR_PACK(0,SSL_F_REQUEST_CERTIFICATE,0), "REQUEST_CERTIFICATE"},	83	{ERR_PACK(0,SSL_F_REQUEST_CERTIFICATE,0), "REQUEST_CERTIFICATE"},
		84	{ERR_PACK(0,SSL_F_SERVER_FINISH,0), "SERVER_FINISH"},
83	{ERR_PACK(0,SSL_F_SERVER_HELLO,0), "SERVER_HELLO"},	85	{ERR_PACK(0,SSL_F_SERVER_HELLO,0), "SERVER_HELLO"},
		86	{ERR_PACK(0,SSL_F_SERVER_VERIFY,0), "SERVER_VERIFY"},
84	{ERR_PACK(0,SSL_F_SSL23_ACCEPT,0), "SSL23_ACCEPT"},	87	{ERR_PACK(0,SSL_F_SSL23_ACCEPT,0), "SSL23_ACCEPT"},
85	{ERR_PACK(0,SSL_F_SSL23_CLIENT_HELLO,0), "SSL23_CLIENT_HELLO"},	88	{ERR_PACK(0,SSL_F_SSL23_CLIENT_HELLO,0), "SSL23_CLIENT_HELLO"},
86	{ERR_PACK(0,SSL_F_SSL23_CONNECT,0), "SSL23_CONNECT"},	89	{ERR_PACK(0,SSL_F_SSL23_CONNECT,0), "SSL23_CONNECT"},
@@ -92,6 +95,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
92	{ERR_PACK(0,SSL_F_SSL2_ACCEPT,0), "SSL2_ACCEPT"},	95	{ERR_PACK(0,SSL_F_SSL2_ACCEPT,0), "SSL2_ACCEPT"},
93	{ERR_PACK(0,SSL_F_SSL2_CONNECT,0), "SSL2_CONNECT"},	96	{ERR_PACK(0,SSL_F_SSL2_CONNECT,0), "SSL2_CONNECT"},
94	{ERR_PACK(0,SSL_F_SSL2_ENC_INIT,0), "SSL2_ENC_INIT"},	97	{ERR_PACK(0,SSL_F_SSL2_ENC_INIT,0), "SSL2_ENC_INIT"},
		98	{ERR_PACK(0,SSL_F_SSL2_GENERATE_KEY_MATERIAL,0), "SSL2_GENERATE_KEY_MATERIAL"},
95	{ERR_PACK(0,SSL_F_SSL2_PEEK,0), "SSL2_PEEK"},	99	{ERR_PACK(0,SSL_F_SSL2_PEEK,0), "SSL2_PEEK"},
96	{ERR_PACK(0,SSL_F_SSL2_READ,0), "SSL2_READ"},	100	{ERR_PACK(0,SSL_F_SSL2_READ,0), "SSL2_READ"},
97	{ERR_PACK(0,SSL_F_SSL2_READ_INTERNAL,0), "SSL2_READ_INTERNAL"},	101	{ERR_PACK(0,SSL_F_SSL2_READ_INTERNAL,0), "SSL2_READ_INTERNAL"},
@@ -128,6 +132,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
128	{ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,0), "SSL3_SEND_CLIENT_KEY_EXCHANGE"},	132	{ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,0), "SSL3_SEND_CLIENT_KEY_EXCHANGE"},
129	{ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_VERIFY,0), "SSL3_SEND_CLIENT_VERIFY"},	133	{ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_VERIFY,0), "SSL3_SEND_CLIENT_VERIFY"},
130	{ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_CERTIFICATE,0), "SSL3_SEND_SERVER_CERTIFICATE"},	134	{ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_CERTIFICATE,0), "SSL3_SEND_SERVER_CERTIFICATE"},
		135	{ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_HELLO,0), "SSL3_SEND_SERVER_HELLO"},
131	{ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,0), "SSL3_SEND_SERVER_KEY_EXCHANGE"},	136	{ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,0), "SSL3_SEND_SERVER_KEY_EXCHANGE"},
132	{ERR_PACK(0,SSL_F_SSL3_SETUP_BUFFERS,0), "SSL3_SETUP_BUFFERS"},	137	{ERR_PACK(0,SSL_F_SSL3_SETUP_BUFFERS,0), "SSL3_SETUP_BUFFERS"},
133	{ERR_PACK(0,SSL_F_SSL3_SETUP_KEY_BLOCK,0), "SSL3_SETUP_KEY_BLOCK"},	138	{ERR_PACK(0,SSL_F_SSL3_SETUP_KEY_BLOCK,0), "SSL3_SETUP_KEY_BLOCK"},
@@ -355,6 +360,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
355	{SSL_R_SHORT_READ ,"short read"},	360	{SSL_R_SHORT_READ ,"short read"},
356	{SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"},	361	{SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"},
357	{SSL_R_SSL23_DOING_SESSION_ID_REUSE ,"ssl23 doing session id reuse"},	362	{SSL_R_SSL23_DOING_SESSION_ID_REUSE ,"ssl23 doing session id reuse"},
		363	{SSL_R_SSL2_CONNECTION_ID_TOO_LONG ,"ssl2 connection id too long"},
358	{SSL_R_SSL3_SESSION_ID_TOO_LONG ,"ssl3 session id too long"},	364	{SSL_R_SSL3_SESSION_ID_TOO_LONG ,"ssl3 session id too long"},
359	{SSL_R_SSL3_SESSION_ID_TOO_SHORT ,"ssl3 session id too short"},	365	{SSL_R_SSL3_SESSION_ID_TOO_SHORT ,"ssl3 session id too short"},
360	{SSL_R_SSLV3_ALERT_BAD_CERTIFICATE ,"sslv3 alert bad certificate"},	366	{SSL_R_SSLV3_ALERT_BAD_CERTIFICATE ,"sslv3 alert bad certificate"},


diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c index ab172aeaec..4bc4ce5b3a 100644 --- a/src/lib/libssl/ssl_lib.c +++ b/src/lib/libssl/ssl_lib.c
@@ -1405,13 +1405,24 @@ void SSL_CTX_free(SSL_CTX *a)
1405	abort(); /* ok */	1405	abort(); /* ok */
1406	}	1406	}
1407	#endif	1407	#endif
1408	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
1409		1408
		1409	/*
		1410	* Free internal session cache. However: the remove_cb() may reference
		1411	* the ex_data of SSL_CTX, thus the ex_data store can only be removed
		1412	* after the sessions were flushed.
		1413	* As the ex_data handling routines might also touch the session cache,
		1414	* the most secure solution seems to be: empty (flush) the cache, then
		1415	* free ex_data, then finally free the cache.
		1416	* (See ticket [openssl.org #212].)
		1417	*/
1410	if (a->sessions != NULL)	1418	if (a->sessions != NULL)
1411	{
1412	SSL_CTX_flush_sessions(a,0);	1419	SSL_CTX_flush_sessions(a,0);
		1420
		1421	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
		1422
		1423	if (a->sessions != NULL)
1413	lh_free(a->sessions);	1424	lh_free(a->sessions);
1414	}	1425
1415	if (a->cert_store != NULL)	1426	if (a->cert_store != NULL)
1416	X509_STORE_free(a->cert_store);	1427	X509_STORE_free(a->cert_store);
1417	if (a->cipher_list != NULL)	1428	if (a->cipher_list != NULL)


diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index fe4ac839cf..dd6c7a7323 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h
@@ -510,7 +510,7 @@ STACK_OF(SSL_CIPHER) ssl_get_ciphers_by_id(SSL s);
510	int ssl_verify_alarm_type(long type);	510	int ssl_verify_alarm_type(long type);
511		511
512	int ssl2_enc_init(SSL *s, int client);	512	int ssl2_enc_init(SSL *s, int client);
513	void ssl2_generate_key_material(SSL *s);	513	int ssl2_generate_key_material(SSL *s);
514	void ssl2_enc(SSL *s,int send_data);	514	void ssl2_enc(SSL *s,int send_data);
515	void ssl2_mac(SSL s,unsigned char mac,int send_data);	515	void ssl2_mac(SSL s,unsigned char mac,int send_data);
516	SSL_CIPHER ssl2_get_cipher_by_char(const unsigned char p);	516	SSL_CIPHER ssl2_get_cipher_by_char(const unsigned char p);


diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c index 8bfc382bb6..ca1a7427be 100644 --- a/src/lib/libssl/ssl_sess.c +++ b/src/lib/libssl/ssl_sess.c
@@ -251,7 +251,12 @@ int ssl_get_new_session(SSL *s, int session)
251	ss->session_id_length=0;	251	ss->session_id_length=0;
252	}	252	}
253		253
254	die(s->sid_ctx_length <= sizeof ss->sid_ctx);	254	if (s->sid_ctx_length > sizeof ss->sid_ctx)
		255	{
		256	SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR);
		257	SSL_SESSION_free(ss);
		258	return 0;
		259	}
255	memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length);	260	memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length);
256	ss->sid_ctx_length=s->sid_ctx_length;	261	ss->sid_ctx_length=s->sid_ctx_length;
257	s->session=ss;	262	s->session=ss;