1 --- crypto/cryptlib.c.orig Fri Nov 23 13:57:59 2001
2 +++ crypto/cryptlib.c Fri Jul 26 10:43:56 2002
8 +void OpenSSLDie(const char *file,int line,const char *assertion)
10 + fprintf(stderr,"%s(%d): OpenSSL internal error, assertion failed: %s\n",
11 + file,line,assertion);
15 --- crypto/cryptlib.h.orig Tue May 2 06:35:04 2000
16 +++ crypto/cryptlib.h Fri Jul 26 10:43:56 2002
18 #define X509_CERT_DIR_EVP "SSL_CERT_DIR"
19 #define X509_CERT_FILE_EVP "SSL_CERT_FILE"
21 +/* size of string represenations */
22 +#define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1)
23 +#define HEX_SIZE(type) ((sizeof(type)*2)
25 +/* die if we have to */
26 +void OpenSSLDie(const char *file,int line,const char *assertion);
27 +#define die(e) ((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e))
32 --- crypto/asn1/asn1_lib.c.orig Fri Mar 30 06:42:32 2001
33 +++ crypto/asn1/asn1_lib.c Fri Jul 26 10:43:56 2002
40 #include <openssl/asn1.h>
41 #include <openssl/asn1_mac.h>
47 - if ((p+ *plength) > (omax+ *pp))
48 + if (*plength > (omax - (p - *pp)))
50 ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG);
51 /* Set this so that even if things are not long enough
52 * the values are set correctly */
60 static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max)
62 unsigned char *p= *pp;
64 + unsigned long ret=0;
67 if (max-- < 1) return(0);
72 + if (i > sizeof(long))
74 if (max-- == 0) return(0);
91 void asn1_add_error(unsigned char *address, int offset)
93 - char buf1[16],buf2[16];
94 + char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1];
96 sprintf(buf1,"%lu",(unsigned long)address);
97 sprintf(buf2,"%d",offset);
98 --- crypto/conf/conf_def.c.orig Tue Jun 6 09:21:12 2000
99 +++ crypto/conf/conf_def.c Fri Jul 26 10:43:56 2002
101 #include "conf_def.h"
102 #include <openssl/buffer.h>
103 #include <openssl/err.h>
104 +#include "cryptlib.h"
106 static char *eat_ws(CONF *conf, char *p);
107 static char *eat_alpha_numeric(CONF *conf, char *p);
108 @@ -180,12 +181,12 @@
109 static int def_load(CONF *conf, BIO *in, long *line)
118 + char btmp[DECIMAL_SIZE(eline)+1];
119 CONF_VALUE *v=NULL,*tv;
121 char *section=NULL,*buf;
122 --- crypto/objects/obj_dat.c.orig Mon Sep 4 09:34:35 2000
123 +++ crypto/objects/obj_dat.c Fri Jul 26 10:43:56 2002
129 + char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2];
131 if (buf_len <= 0) return(0);
133 --- ssl/s2_clnt.c.orig Sat Nov 10 03:43:51 2001
134 +++ ssl/s2_clnt.c Fri Jul 26 10:43:56 2002
136 #include <openssl/buffer.h>
137 #include <openssl/objects.h>
138 #include <openssl/evp.h>
139 +#include "cryptlib.h"
141 static SSL_METHOD *ssl2_get_client_method(int ver);
142 static int get_server_finished(SSL *s);
146 s->s2->conn_id_length=s->s2->tmp.conn_id_length;
147 + die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
148 memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length);
152 /* make key_arg data */
153 i=EVP_CIPHER_iv_length(c);
154 sess->key_arg_length=i;
155 + die(i <= SSL_MAX_KEY_ARG_LENGTH);
156 if (i > 0) RAND_pseudo_bytes(sess->key_arg,i);
158 /* make a master key */
160 sess->master_key_length=i;
163 + die(i <= sizeof sess->master_key);
164 if (RAND_bytes(sess->master_key,i) <= 0)
166 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
169 karg=sess->key_arg_length;
170 s2n(karg,p); /* key arg size */
171 + die(karg <= sizeof sess->key_arg);
172 memcpy(d,sess->key_arg,(unsigned int)karg);
177 p=(unsigned char *)s->init_buf->data;
178 *(p++)=SSL2_MT_CLIENT_FINISHED;
179 + die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
180 memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length);
182 s->state=SSL2_ST_SEND_CLIENT_FINISHED_B;
185 if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))
187 + die(s->session->session_id_length
188 + <= sizeof s->session->session_id);
189 if (memcmp(buf,s->session->session_id,
190 (unsigned int)s->session->session_id_length) != 0)
192 --- ssl/s2_lib.c.orig Tue Dec 26 05:06:47 2000
193 +++ ssl/s2_lib.c Fri Jul 26 10:52:20 2002
195 #include <openssl/rsa.h>
196 #include <openssl/objects.h>
197 #include <openssl/md5.h>
198 +#include "cryptlib.h"
200 static long ssl2_default_timeout(void );
201 const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT;
202 @@ -425,10 +426,14 @@
205 km=s->s2->key_material;
206 + die(s->s2->key_material_length <= sizeof s->s2->key_material);
207 for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH)
212 + die(s->session->master_key_length >= 0
213 + && s->session->master_key_length
214 + < sizeof s->session->master_key);
215 MD5_Update(&ctx,s->session->master_key,s->session->master_key_length);
216 MD5_Update(&ctx,&c,1);
219 /* state=s->rwstate;*/
222 + die(error >= 0 && error <= 3);
223 i=ssl2_write(s,&(buf[3-error]),error);
224 /* if (i == error) s->rwstate=state; */
226 --- ssl/s2_srvr.c.orig Wed Nov 14 14:19:47 2001
227 +++ ssl/s2_srvr.c Fri Jul 26 10:43:56 2002
229 #include <openssl/rand.h>
230 #include <openssl/objects.h>
231 #include <openssl/evp.h>
232 +#include "cryptlib.h"
234 static SSL_METHOD *ssl2_get_server_method(int ver);
235 static int get_client_master_key(SSL *s);
236 @@ -417,11 +418,18 @@
237 n2s(p,i); s->s2->tmp.clear=i;
238 n2s(p,i); s->s2->tmp.enc=i;
239 n2s(p,i); s->session->key_arg_length=i;
240 + if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH)
242 + SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
243 + SSL_R_KEY_ARG_TOO_LONG);
246 s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B;
249 /* SSL2_ST_GET_CLIENT_MASTER_KEY_B */
250 p=(unsigned char *)s->init_buf->data;
251 + die(s->init_buf->length >= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER);
252 keya=s->session->key_arg_length;
253 len = 10 + (unsigned long)s->s2->tmp.clear + (unsigned long)s->s2->tmp.enc + (unsigned long)keya;
254 if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
258 if (is_export) i+=s->s2->tmp.clear;
259 + die(i <= SSL_MAX_MASTER_KEY_LENGTH);
260 s->session->master_key_length=i;
261 memcpy(s->session->master_key,p,(unsigned int)i);
264 p+=s->s2->tmp.session_id_length;
267 + die(s->s2->challenge_length <= sizeof s->s2->challenge);
268 memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length);
274 /* SSL2_ST_GET_CLIENT_FINISHED_B */
275 + die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
276 len = 1 + (unsigned long)s->s2->conn_id_length;
277 n = (int)len - s->init_num;
278 i = ssl2_read(s,(char *)&(p[s->init_num]),n);
281 p=(unsigned char *)s->init_buf->data;
282 *(p++)=SSL2_MT_SERVER_VERIFY;
283 + die(s->s2->challenge_length <= sizeof s->s2->challenge);
284 memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length);
285 /* p+=s->s2->challenge_length; */
288 p=(unsigned char *)s->init_buf->data;
289 *(p++)=SSL2_MT_SERVER_FINISHED;
291 + die(s->session->session_id_length
292 + <= sizeof s->session->session_id);
293 memcpy(p,s->session->session_id,
294 (unsigned int)s->session->session_id_length);
295 /* p+=s->session->session_id_length; */
296 --- ssl/s3_clnt.c.orig Thu Oct 25 02:18:54 2001
297 +++ ssl/s3_clnt.c Fri Jul 26 10:56:23 2002
299 #include <openssl/sha.h>
300 #include <openssl/evp.h>
301 #include "ssl_locl.h"
302 +#include "cryptlib.h"
304 static SSL_METHOD *ssl3_get_client_method(int ver);
305 static int ssl3_client_hello(SSL *s);
310 + die(i <= sizeof s->session->session_id);
311 memcpy(p,s->session->session_id,i);
316 /* get the session-id */
319 + if(j > sizeof s->session->session_id)
321 + al=SSL_AD_ILLEGAL_PARAMETER;
322 + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
323 + SSL_R_SSL3_SESSION_ID_TOO_LONG);
327 if ((j != 0) && (j != SSL3_SESSION_ID_SIZE))
329 --- ssl/ssl.h.orig Mon Dec 17 12:24:39 2001
330 +++ ssl/ssl.h Fri Jul 26 11:36:19 2002
331 @@ -1423,6 +1423,7 @@
332 #define SSL_R_INVALID_COMMAND 280
333 #define SSL_R_INVALID_PURPOSE 278
334 #define SSL_R_INVALID_TRUST 279
335 +#define SSL_R_KEY_ARG_TOO_LONG 1112
336 #define SSL_R_LENGTH_MISMATCH 159
337 #define SSL_R_LENGTH_TOO_SHORT 160
338 #define SSL_R_LIBRARY_BUG 274
339 @@ -1491,6 +1492,7 @@
340 #define SSL_R_SHORT_READ 219
341 #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220
342 #define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221
343 +#define SSL_R_SSL3_SESSION_ID_TOO_LONG 1113
344 #define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222
345 #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
346 #define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
347 --- ssl/ssl_asn1.c.orig Thu Jun 1 16:19:19 2000
348 +++ ssl/ssl_asn1.c Fri Jul 26 11:37:53 2002
350 #include <openssl/objects.h>
351 #include <openssl/x509.h>
352 #include "ssl_locl.h"
353 +#include "cryptlib.h"
355 typedef struct ssl_session_asn1_st
360 ret->session_id_length=os.length;
361 + die(os.length <= sizeof ret->session_id);
362 memcpy(ret->session_id,os.data,os.length);
364 M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
365 --- ssl/ssl_err.c.orig Fri Nov 9 18:15:29 2001
366 +++ ssl/ssl_err.c Fri Jul 26 11:39:21 2002
369 /* ====================================================================
370 - * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
371 + * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
373 * Redistribution and use in source and binary forms, with or without
374 * modification, are permitted provided that the following conditions
376 {SSL_R_INVALID_COMMAND ,"invalid command"},
377 {SSL_R_INVALID_PURPOSE ,"invalid purpose"},
378 {SSL_R_INVALID_TRUST ,"invalid trust"},
379 +{SSL_R_KEY_ARG_TOO_LONG ,"key arg too long"},
380 {SSL_R_LENGTH_MISMATCH ,"length mismatch"},
381 {SSL_R_LENGTH_TOO_SHORT ,"length too short"},
382 {SSL_R_LIBRARY_BUG ,"library bug"},
384 {SSL_R_SHORT_READ ,"short read"},
385 {SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"},
386 {SSL_R_SSL23_DOING_SESSION_ID_REUSE ,"ssl23 doing session id reuse"},
387 +{SSL_R_SSL3_SESSION_ID_TOO_LONG ,"ssl3 session id too long"},
388 {SSL_R_SSL3_SESSION_ID_TOO_SHORT ,"ssl3 session id too short"},
389 {SSL_R_SSLV3_ALERT_BAD_CERTIFICATE ,"sslv3 alert bad certificate"},
390 {SSL_R_SSLV3_ALERT_BAD_RECORD_MAC ,"sslv3 alert bad record mac"},
391 --- ssl/ssl_sess.c.orig Wed Nov 29 11:12:32 2000
392 +++ ssl/ssl_sess.c Fri Jul 26 10:43:56 2002
394 #include <openssl/lhash.h>
395 #include <openssl/rand.h>
396 #include "ssl_locl.h"
397 +#include "cryptlib.h"
399 static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
400 static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);
402 ss->session_id_length=0;
405 + die(s->sid_ctx_length <= sizeof ss->sid_ctx);
406 memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length);
407 ss->sid_ctx_length=s->sid_ctx_length;
409 --- ssl/s3_srvr.c.orig Thu Oct 25 02:18:56 2001
410 +++ ssl/s3_srvr.c Fri Jul 26 11:27:08 2002
412 #include <openssl/evp.h>
413 #include <openssl/x509.h>
414 #include "ssl_locl.h"
415 +#include "cryptlib.h"
417 static SSL_METHOD *ssl3_get_server_method(int ver);
418 static int ssl3_get_client_hello(SSL *s);
420 s->session->session_id_length=0;
422 sl=s->session->session_id_length;
423 + die(sl <= sizeof s->session->session_id);
425 memcpy(p,s->session->session_id,sl);