1 files changed, 14 insertions, 19 deletions
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index 58cf774967..a2c17f2950 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -121,9 +121,10 @@
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/x509.h>
+#ifndef OPENSSL_NO_KRB5
 #include <openssl/krb5_asn.h>
+#endif
 #include <openssl/md5.h>
-#include "cryptlib.h"
 static SSL_METHOD *ssl3_get_server_method(int ver);
 static int ssl3_get_client_hello(SSL *s);
@@ -152,18 +153,11 @@ SSL_METHOD *SSLv3_server_method(void)
        if (init)
                {
-                CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+                memcpy((char *)&SSLv3_server_data,(char *)sslv3_base_method(),
+                        sizeof(SSL_METHOD));
-                if (init)
+                SSLv3_server_data.ssl_accept=ssl3_accept;
-                        {
+                SSLv3_server_data.get_ssl_method=ssl3_get_server_method;
-                        memcpy((char *)&SSLv3_server_data,(char *)sslv3_base_method(),
+                init=0;
-                                sizeof(SSL_METHOD));
-                        SSLv3_server_data.ssl_accept=ssl3_accept;
-                        SSLv3_server_data.get_ssl_method=ssl3_get_server_method;
-                        init=0;
-                        }
-                        
-                CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
                }
        return(&SSLv3_server_data);
        }
@@ -1178,7 +1172,7 @@ static int ssl3_send_server_key_exchange(SSL *s)
                        kn=0;
                        }
-                if (!BUF_MEM_grow_clean(buf,n+4+kn))
+                if (!BUF_MEM_grow(buf,n+4+kn))
                        {
                        SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_BUF);
                        goto err;
@@ -1305,7 +1299,7 @@ static int ssl3_send_certificate_request(SSL *s)
                                {
                                name=sk_X509_NAME_value(sk,i);
                                j=i2d_X509_NAME(name,NULL);
-                                if (!BUF_MEM_grow_clean(buf,4+n+j+2))
+                                if (!BUF_MEM_grow(buf,4+n+j+2))
                                        {
                                        SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,ERR_R_BUF_LIB);
                                        goto err;
@@ -1472,6 +1466,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
                                 * made up by the adversary is properly formatted except
                                 * that the version number is wrong.  To avoid such attacks,
                                 * we should treat this just like any other decryption error. */
+                                p[0] = (char)(int) "CAN-2003-0131 patch 2003-03-20";
                                }
                        }
@@ -1491,7 +1486,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
                        s->method->ssl3_enc->generate_master_secret(s,
                                s->session->master_key,
                                p,i);
-                OPENSSL_cleanse(p,i);
+                memset(p,0,i);
                }
        else
 #endif
@@ -1554,7 +1549,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
                s->session->master_key_length=
                        s->method->ssl3_enc->generate_master_secret(s,
                                s->session->master_key,p,i);
-                OPENSSL_cleanse(p,i);
+                memset(p,0,i);
                }
        else
 #endif
@@ -1657,7 +1652,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
                if (enc == NULL)
                    goto err;
-                memset(iv, 0, sizeof iv);       /* per RFC 1510 */
+                memset(iv, 0, EVP_MAX_IV_LENGTH);       /* per RFC 1510 */
                if (!EVP_DecryptInit_ex(&ciph_ctx,enc,NULL,kssl_ctx->key,iv))
                        {
@@ -1745,7 +1740,7 @@ static int ssl3_get_cert_verify(SSL *s)
                SSL3_ST_SR_CERT_VRFY_A,
                SSL3_ST_SR_CERT_VRFY_B,
                -1,
-                514, /* 514? */
+                512, /* 512? */
                &ok);
        if (!ok) return((int)n);

diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c index 58cf774967..a2c17f2950 100644 --- a/src/lib/libssl/s3_srvr.c +++ b/src/lib/libssl/s3_srvr.c
@@ -121,9 +121,10 @@
121	#include <openssl/objects.h>	121	#include <openssl/objects.h>
122	#include <openssl/evp.h>	122	#include <openssl/evp.h>
123	#include <openssl/x509.h>	123	#include <openssl/x509.h>
		124	#ifndef OPENSSL_NO_KRB5
124	#include <openssl/krb5_asn.h>	125	#include <openssl/krb5_asn.h>
		126	#endif
125	#include <openssl/md5.h>	127	#include <openssl/md5.h>
126	#include "cryptlib.h"
127		128
128	static SSL_METHOD *ssl3_get_server_method(int ver);	129	static SSL_METHOD *ssl3_get_server_method(int ver);
129	static int ssl3_get_client_hello(SSL *s);	130	static int ssl3_get_client_hello(SSL *s);
@@ -152,18 +153,11 @@ SSL_METHOD *SSLv3_server_method(void)
152		153
153	if (init)	154	if (init)
154	{	155	{
155	CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);	156	memcpy((char )&SSLv3_server_data,(char )sslv3_base_method(),
156		157	sizeof(SSL_METHOD));
157	if (init)	158	SSLv3_server_data.ssl_accept=ssl3_accept;
158	{	159	SSLv3_server_data.get_ssl_method=ssl3_get_server_method;
159	memcpy((char )&SSLv3_server_data,(char )sslv3_base_method(),	160	init=0;
160	sizeof(SSL_METHOD));
161	SSLv3_server_data.ssl_accept=ssl3_accept;
162	SSLv3_server_data.get_ssl_method=ssl3_get_server_method;
163	init=0;
164	}
165
166	CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
167	}	161	}
168	return(&SSLv3_server_data);	162	return(&SSLv3_server_data);
169	}	163	}
@@ -1178,7 +1172,7 @@ static int ssl3_send_server_key_exchange(SSL *s)
1178	kn=0;	1172	kn=0;
1179	}	1173	}
1180		1174
1181	if (!BUF_MEM_grow_clean(buf,n+4+kn))	1175	if (!BUF_MEM_grow(buf,n+4+kn))
1182	{	1176	{
1183	SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_BUF);	1177	SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_BUF);
1184	goto err;	1178	goto err;
@@ -1305,7 +1299,7 @@ static int ssl3_send_certificate_request(SSL *s)
1305	{	1299	{
1306	name=sk_X509_NAME_value(sk,i);	1300	name=sk_X509_NAME_value(sk,i);
1307	j=i2d_X509_NAME(name,NULL);	1301	j=i2d_X509_NAME(name,NULL);
1308	if (!BUF_MEM_grow_clean(buf,4+n+j+2))	1302	if (!BUF_MEM_grow(buf,4+n+j+2))
1309	{	1303	{
1310	SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,ERR_R_BUF_LIB);	1304	SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,ERR_R_BUF_LIB);
1311	goto err;	1305	goto err;
@@ -1472,6 +1466,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
1472	* made up by the adversary is properly formatted except	1466	* made up by the adversary is properly formatted except
1473	* that the version number is wrong. To avoid such attacks,	1467	* that the version number is wrong. To avoid such attacks,
1474	* we should treat this just like any other decryption error. */	1468	* we should treat this just like any other decryption error. */
		1469	p[0] = (char)(int) "CAN-2003-0131 patch 2003-03-20";
1475	}	1470	}
1476	}	1471	}
1477		1472
@@ -1491,7 +1486,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
1491	s->method->ssl3_enc->generate_master_secret(s,	1486	s->method->ssl3_enc->generate_master_secret(s,
1492	s->session->master_key,	1487	s->session->master_key,
1493	p,i);	1488	p,i);
1494	OPENSSL_cleanse(p,i);	1489	memset(p,0,i);
1495	}	1490	}
1496	else	1491	else
1497	#endif	1492	#endif
@@ -1554,7 +1549,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
1554	s->session->master_key_length=	1549	s->session->master_key_length=
1555	s->method->ssl3_enc->generate_master_secret(s,	1550	s->method->ssl3_enc->generate_master_secret(s,
1556	s->session->master_key,p,i);	1551	s->session->master_key,p,i);
1557	OPENSSL_cleanse(p,i);	1552	memset(p,0,i);
1558	}	1553	}
1559	else	1554	else
1560	#endif	1555	#endif
@@ -1657,7 +1652,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
1657	if (enc == NULL)	1652	if (enc == NULL)
1658	goto err;	1653	goto err;
1659		1654
1660	memset(iv, 0, sizeof iv); /* per RFC 1510 */	1655	memset(iv, 0, EVP_MAX_IV_LENGTH); /* per RFC 1510 */
1661		1656
1662	if (!EVP_DecryptInit_ex(&ciph_ctx,enc,NULL,kssl_ctx->key,iv))	1657	if (!EVP_DecryptInit_ex(&ciph_ctx,enc,NULL,kssl_ctx->key,iv))
1663	{	1658	{
@@ -1745,7 +1740,7 @@ static int ssl3_get_cert_verify(SSL *s)
1745	SSL3_ST_SR_CERT_VRFY_A,	1740	SSL3_ST_SR_CERT_VRFY_A,
1746	SSL3_ST_SR_CERT_VRFY_B,	1741	SSL3_ST_SR_CERT_VRFY_B,
1747	-1,	1742	-1,
1748	514, /* 514? */	1743	512, /* 512? */
1749	&ok);	1744	&ok);
1750		1745
1751	if (!ok) return((int)n);	1746	if (!ok) return((int)n);