diff options
| author |   markus <markus@openbsd.org> | 2002-09-14 11:18:01 +0000 |
|---|---|---|
| committer | markus <markus@openbsd.org> | 2002-09-14 11:18:01 +0000 |
| commit | cf5de1f602bfe31a1de0d5bcba280f0bf0a50ae2 (patch) | |
| tree | 2658bb71397039b6e8ea6265a0bfe5a109de2a64 /lib/libssl/src/ssl/s2_lib.c | |
| parent | spaces (diff) | |
| download | wireguard-openbsd-cf5de1f602bfe31a1de0d5bcba280f0bf0a50ae2.tar.xz wireguard-openbsd-cf5de1f602bfe31a1de0d5bcba280f0bf0a50ae2.zip | |
merge with openssl-0.9.7-stable-SNAP-20020911,
new minor for libcrypto (_X509_REQ_print_ex)
tested by miod@, pb@
Diffstat (limited to 'lib/libssl/src/ssl/s2_lib.c')
| -rw-r--r-- | lib/libssl/src/ssl/s2_lib.c | 40 |
1 files changed, 29 insertions, 11 deletions
diff --git a/lib/libssl/src/ssl/s2_lib.c b/lib/libssl/src/ssl/s2_lib.c index 247f4603a6f..df2ea875de1 100644 --- a/lib/libssl/src/ssl/s2_lib.c +++ b/lib/libssl/src/ssl/s2_lib.c @@ -63,7 +63,6 @@ #include <openssl/objects.h> #include <openssl/evp.h> #include <openssl/md5.h> -#include "ssl_locl.h" static long ssl2_default_timeout(void ); const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT; @@ -418,12 +417,15 @@ int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) return(3); } -void ssl2_generate_key_material(SSL *s) +int ssl2_generate_key_material(SSL *s) { unsigned int i; EVP_MD_CTX ctx; unsigned char *km; unsigned char c='0'; + const EVP_MD *md5; + + md5 = EVP_md5(); #ifdef CHARSET_EBCDIC c = os_toascii['0']; /* Must be an ASCII '0', not EBCDIC '0', @@ -431,23 +433,35 @@ void ssl2_generate_key_material(SSL *s) #endif EVP_MD_CTX_init(&ctx); km=s->s2->key_material; - die(s->s2->key_material_length <= sizeof s->s2->key_material); - for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH) + + if (s->session->master_key_length < 0 || s->session->master_key_length > sizeof s->session->master_key) + { + SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR); + return 0; + } + + for (i=0; i<s->s2->key_material_length; i += EVP_MD_size(md5)) { - EVP_DigestInit_ex(&ctx,EVP_md5(), NULL); + if (((km - s->s2->key_material) + EVP_MD_size(md5)) > sizeof s->s2->key_material) + { + /* EVP_DigestFinal_ex() below would write beyond buffer */ + SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR); + return 0; + } + + EVP_DigestInit_ex(&ctx, md5, NULL); - die(s->session->master_key_length >= 0 - && s->session->master_key_length - < sizeof s->session->master_key); EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length); EVP_DigestUpdate(&ctx,&c,1); c++; EVP_DigestUpdate(&ctx,s->s2->challenge,s->s2->challenge_length); EVP_DigestUpdate(&ctx,s->s2->conn_id,s->s2->conn_id_length); EVP_DigestFinal_ex(&ctx,km,NULL); - km+=MD5_DIGEST_LENGTH; + km += EVP_MD_size(md5); } + EVP_MD_CTX_cleanup(&ctx); + return 1; } void ssl2_return_error(SSL *s, int err) @@ -472,10 +486,14 @@ void ssl2_write_error(SSL *s) buf[2]=(s->error_code)&0xff; /* state=s->rwstate;*/ - error=s->error; + + error=s->error; /* number of bytes left to write */ s->error=0; - die(error >= 0 && error <= 3); + if (error < 0 || error > sizeof buf) /* can't happen */ + return; + i=ssl2_write(s,&(buf[3-error]),error); + /* if (i == error) s->rwstate=state; */ if (i < 0) |