1 files changed, 18 insertions, 12 deletions
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index a2c17f2950..cd7b88eeb5 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -153,11 +153,18 @@ SSL_METHOD *SSLv3_server_method(void)
        if (init)
                {
-                memcpy((char *)&SSLv3_server_data,(char *)sslv3_base_method(),
+                CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
-                        sizeof(SSL_METHOD));
-                SSLv3_server_data.ssl_accept=ssl3_accept;
+                if (init)
-                SSLv3_server_data.get_ssl_method=ssl3_get_server_method;
+                        {
-                init=0;
+                        memcpy((char *)&SSLv3_server_data,(char *)sslv3_base_method(),
+                                sizeof(SSL_METHOD));
+                        SSLv3_server_data.ssl_accept=ssl3_accept;
+                        SSLv3_server_data.get_ssl_method=ssl3_get_server_method;
+                        init=0;
+                        }
+                        
+                CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
                }
        return(&SSLv3_server_data);
        }
@@ -1172,7 +1179,7 @@ static int ssl3_send_server_key_exchange(SSL *s)
                        kn=0;
                        }
-                if (!BUF_MEM_grow(buf,n+4+kn))
+                if (!BUF_MEM_grow_clean(buf,n+4+kn))
                        {
                        SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_BUF);
                        goto err;
@@ -1299,7 +1306,7 @@ static int ssl3_send_certificate_request(SSL *s)
                                {
                                name=sk_X509_NAME_value(sk,i);
                                j=i2d_X509_NAME(name,NULL);
-                                if (!BUF_MEM_grow(buf,4+n+j+2))
+                                if (!BUF_MEM_grow_clean(buf,4+n+j+2))
                                        {
                                        SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,ERR_R_BUF_LIB);
                                        goto err;
@@ -1466,7 +1473,6 @@ static int ssl3_get_client_key_exchange(SSL *s)
                                 * made up by the adversary is properly formatted except
                                 * that the version number is wrong.  To avoid such attacks,
                                 * we should treat this just like any other decryption error. */
-                                p[0] = (char)(int) "CAN-2003-0131 patch 2003-03-20";
                                }
                        }
@@ -1486,7 +1492,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
                        s->method->ssl3_enc->generate_master_secret(s,
                                s->session->master_key,
                                p,i);
-                memset(p,0,i);
+                OPENSSL_cleanse(p,i);
                }
        else
 #endif
@@ -1549,7 +1555,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
                s->session->master_key_length=
                        s->method->ssl3_enc->generate_master_secret(s,
                                s->session->master_key,p,i);
-                memset(p,0,i);
+                OPENSSL_cleanse(p,i);
                }
        else
 #endif
@@ -1652,7 +1658,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
                if (enc == NULL)
                    goto err;
-                memset(iv, 0, EVP_MAX_IV_LENGTH);       /* per RFC 1510 */
+                memset(iv, 0, sizeof iv);       /* per RFC 1510 */
                if (!EVP_DecryptInit_ex(&ciph_ctx,enc,NULL,kssl_ctx->key,iv))
                        {
@@ -1740,7 +1746,7 @@ static int ssl3_get_cert_verify(SSL *s)
                SSL3_ST_SR_CERT_VRFY_A,
                SSL3_ST_SR_CERT_VRFY_B,
                -1,
-                512, /* 512? */
+                514, /* 514? */
                &ok);
        if (!ok) return((int)n);

diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c index a2c17f2950..cd7b88eeb5 100644 --- a/src/lib/libssl/s3_srvr.c +++ b/src/lib/libssl/s3_srvr.c
@@ -153,11 +153,18 @@ SSL_METHOD *SSLv3_server_method(void)
153		153
154	if (init)	154	if (init)
155	{	155	{
156	memcpy((char )&SSLv3_server_data,(char )sslv3_base_method(),	156	CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
157	sizeof(SSL_METHOD));	157
158	SSLv3_server_data.ssl_accept=ssl3_accept;	158	if (init)
159	SSLv3_server_data.get_ssl_method=ssl3_get_server_method;	159	{
160	init=0;	160	memcpy((char )&SSLv3_server_data,(char )sslv3_base_method(),
		161	sizeof(SSL_METHOD));
		162	SSLv3_server_data.ssl_accept=ssl3_accept;
		163	SSLv3_server_data.get_ssl_method=ssl3_get_server_method;
		164	init=0;
		165	}
		166
		167	CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
161	}	168	}
162	return(&SSLv3_server_data);	169	return(&SSLv3_server_data);
163	}	170	}
@@ -1172,7 +1179,7 @@ static int ssl3_send_server_key_exchange(SSL *s)
1172	kn=0;	1179	kn=0;
1173	}	1180	}
1174		1181
1175	if (!BUF_MEM_grow(buf,n+4+kn))	1182	if (!BUF_MEM_grow_clean(buf,n+4+kn))
1176	{	1183	{
1177	SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_BUF);	1184	SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_BUF);
1178	goto err;	1185	goto err;
@@ -1299,7 +1306,7 @@ static int ssl3_send_certificate_request(SSL *s)
1299	{	1306	{
1300	name=sk_X509_NAME_value(sk,i);	1307	name=sk_X509_NAME_value(sk,i);
1301	j=i2d_X509_NAME(name,NULL);	1308	j=i2d_X509_NAME(name,NULL);
1302	if (!BUF_MEM_grow(buf,4+n+j+2))	1309	if (!BUF_MEM_grow_clean(buf,4+n+j+2))
1303	{	1310	{
1304	SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,ERR_R_BUF_LIB);	1311	SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,ERR_R_BUF_LIB);
1305	goto err;	1312	goto err;
@@ -1466,7 +1473,6 @@ static int ssl3_get_client_key_exchange(SSL *s)
1466	* made up by the adversary is properly formatted except	1473	* made up by the adversary is properly formatted except
1467	* that the version number is wrong. To avoid such attacks,	1474	* that the version number is wrong. To avoid such attacks,
1468	* we should treat this just like any other decryption error. */	1475	* we should treat this just like any other decryption error. */
1469	p[0] = (char)(int) "CAN-2003-0131 patch 2003-03-20";
1470	}	1476	}
1471	}	1477	}
1472		1478
@@ -1486,7 +1492,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
1486	s->method->ssl3_enc->generate_master_secret(s,	1492	s->method->ssl3_enc->generate_master_secret(s,
1487	s->session->master_key,	1493	s->session->master_key,
1488	p,i);	1494	p,i);
1489	memset(p,0,i);	1495	OPENSSL_cleanse(p,i);
1490	}	1496	}
1491	else	1497	else
1492	#endif	1498	#endif
@@ -1549,7 +1555,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
1549	s->session->master_key_length=	1555	s->session->master_key_length=
1550	s->method->ssl3_enc->generate_master_secret(s,	1556	s->method->ssl3_enc->generate_master_secret(s,
1551	s->session->master_key,p,i);	1557	s->session->master_key,p,i);
1552	memset(p,0,i);	1558	OPENSSL_cleanse(p,i);
1553	}	1559	}
1554	else	1560	else
1555	#endif	1561	#endif
@@ -1652,7 +1658,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
1652	if (enc == NULL)	1658	if (enc == NULL)
1653	goto err;	1659	goto err;
1654		1660
1655	memset(iv, 0, EVP_MAX_IV_LENGTH); /* per RFC 1510 */	1661	memset(iv, 0, sizeof iv); /* per RFC 1510 */
1656		1662
1657	if (!EVP_DecryptInit_ex(&ciph_ctx,enc,NULL,kssl_ctx->key,iv))	1663	if (!EVP_DecryptInit_ex(&ciph_ctx,enc,NULL,kssl_ctx->key,iv))
1658	{	1664	{
@@ -1740,7 +1746,7 @@ static int ssl3_get_cert_verify(SSL *s)
1740	SSL3_ST_SR_CERT_VRFY_A,	1746	SSL3_ST_SR_CERT_VRFY_A,
1741	SSL3_ST_SR_CERT_VRFY_B,	1747	SSL3_ST_SR_CERT_VRFY_B,
1742	-1,	1748	-1,
1743	512, /* 512? */	1749	514, /* 514? */
1744	&ok);	1750	&ok);
1745		1751
1746	if (!ok) return((int)n);	1752	if (!ok) return((int)n);